Skip to content

Latest commit

 

History

History
591 lines (590 loc) · 83.9 KB

TOPUSDEPTOFDEFENSE.md

File metadata and controls

591 lines (590 loc) · 83.9 KB
Raw

Top reports from U.S. Dept Of Defense program at HackerOne:

  1. Stored Xss Vulnerability on ████████ to U.S. Dept Of Defense - 185 upvotes, $0
  2. Bypassing CORS Misconfiguration Leads to Sensitive Exposure to U.S. Dept Of Defense - 142 upvotes, $0
  3. Public instance of Jenkins on https://██████████/ with /script enabled to U.S. Dept Of Defense - 112 upvotes, $0
  4. Remote Code Execution in ██████ to U.S. Dept Of Defense - 91 upvotes, $0
  5. XXE in DoD website that may lead to RCE to U.S. Dept Of Defense - 89 upvotes, $0
  6. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 83 upvotes, $0
  7. [SQLI ]Time Bassed Injection at ██████████ via referer header to U.S. Dept Of Defense - 82 upvotes, $0
  8. SQL Injection on www.██████████ on countID parameter to U.S. Dept Of Defense - 79 upvotes, $0
  9. SQL Injection in ████ to U.S. Dept Of Defense - 71 upvotes, $0
  10. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 69 upvotes, $0
  11. RCE on █████ via CVE-2017-10271 to U.S. Dept Of Defense - 68 upvotes, $0
  12. [█████████] Administrative access to Oracle WebLogic Server using default credentials to U.S. Dept Of Defense - 61 upvotes, $0
  13. Remote Code Execution through DNN Cookie Deserialization to U.S. Dept Of Defense - 55 upvotes, $0
  14. Log4Shell: RCE 0-day exploit on █████████ to U.S. Dept Of Defense - 48 upvotes, $0
  15. LFI with potential to RCE on ██████ using CVE-2019-3396 to U.S. Dept Of Defense - 47 upvotes, $0
  16. Information disclousure by clicking on the link shown in http://████████/ to U.S. Dept Of Defense - 47 upvotes, $0
  17. SQL Injection in ████ to U.S. Dept Of Defense - 46 upvotes, $0
  18. SQL Injection vulnerability located at ████████ to U.S. Dept Of Defense - 44 upvotes, $0
  19. Gateway information leakage to U.S. Dept Of Defense - 43 upvotes, $0
  20. Leaked DB credentials on https://██████████.mil/███ to U.S. Dept Of Defense - 43 upvotes, $0
  21. Local File Inclusion vulnerability on an Army system allows downloading local files to U.S. Dept Of Defense - 41 upvotes, $0
  22. Unauthenticated Access to Admin Panel Functions at https://██████████/████████ to U.S. Dept Of Defense - 41 upvotes, $0
  23. Remote Code Execution via Insecure Deserialization in Telerik UI to U.S. Dept Of Defense - 40 upvotes, $0
  24. Account takeover through CSRF in http://███████/██████████/default.asp to U.S. Dept Of Defense - 39 upvotes, $0
  25. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ to U.S. Dept Of Defense - 36 upvotes, $5000
  26. HTTP Request Smuggling to U.S. Dept Of Defense - 36 upvotes, $0
  27. Blind Stored XSS Payload fired at the backend on https://█████████/ to U.S. Dept Of Defense - 32 upvotes, $0
  28. Web Cache Poisoning on █████ to U.S. Dept Of Defense - 32 upvotes, $0
  29. EC2 subdomain takeover at http://████████/ to U.S. Dept Of Defense - 32 upvotes, $0
  30. Remote code execution on an Army website to U.S. Dept Of Defense - 31 upvotes, $0
  31. Pulse Secure File disclosure, clear text and potential RCE to U.S. Dept Of Defense - 31 upvotes, $0
  32. Unrestricted File Upload to U.S. Dept Of Defense - 30 upvotes, $0
  33. XXE on DoD web server to U.S. Dept Of Defense - 30 upvotes, $0
  34. [██████] Cross-origin resource sharing misconfiguration (CORS) to U.S. Dept Of Defense - 30 upvotes, $0
  35. POST based RXSS on https://███████/ via ███ parameter to U.S. Dept Of Defense - 30 upvotes, $0
  36. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 29 upvotes, $0
  37. SSRF+XSS to U.S. Dept Of Defense - 29 upvotes, $0
  38. SOAP WSDL Parser SQL Code Execution to U.S. Dept Of Defense - 29 upvotes, $0
  39. DoD internal documents are leaked to the public to U.S. Dept Of Defense - 29 upvotes, $0
  40. SQL injection to U.S. Dept Of Defense - 28 upvotes, $0
  41. Reflected Xss to U.S. Dept Of Defense - 28 upvotes, $0
  42. 403 Forbidden Bypass at www.██████.mil to U.S. Dept Of Defense - 28 upvotes, $0
  43. Information Disclosure to U.S. Dept Of Defense - 27 upvotes, $0
  44. Trace.axd page leaks sensitive information to U.S. Dept Of Defense - 27 upvotes, $0
  45. SSRF vulnerability on ██████████ leaks internal IP and various sensitive information to U.S. Dept Of Defense - 26 upvotes, $0
  46. SQL injection my method -1 OR 321=6 AND 000159=000159 to U.S. Dept Of Defense - 26 upvotes, $0
  47. Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 25 upvotes, $0
  48. Command Injection (via CVE-2019-11510 and CVE-2019-11539) to U.S. Dept Of Defense - 24 upvotes, $0
  49. ████ - Complete account takeover to U.S. Dept Of Defense - 24 upvotes, $0
  50. SQL Injection in the move_papers.php on the https://██████████ to U.S. Dept Of Defense - 24 upvotes, $0
  51. Request smuggling on ████████ to U.S. Dept Of Defense - 23 upvotes, $0
  52. CSRF Account Deletion on ███ Website to U.S. Dept Of Defense - 23 upvotes, $0
  53. █████████ IDOR leads to disclosure of PHI/PII to U.S. Dept Of Defense - 23 upvotes, $0
  54. Default Admin Username and Password on █████ Server at █████████mil to U.S. Dept Of Defense - 23 upvotes, $0
  55. RCE on a Department of Defense website to U.S. Dept Of Defense - 22 upvotes, $0
  56. [Partial] SSN & [PII] exposed through iPERMs Presentation Slide. to U.S. Dept Of Defense - 22 upvotes, $0
  57. Reflected XSS in https://www.█████/ to U.S. Dept Of Defense - 22 upvotes, $0
  58. CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 22 upvotes, $0
  59. Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) to U.S. Dept Of Defense - 22 upvotes, $0
  60. SQL injection on the https://████/ to U.S. Dept Of Defense - 21 upvotes, $0
  61. Examples directory is PUBLIC on https://████████mil, leading to multiple vulns to U.S. Dept Of Defense - 21 upvotes, $0
  62. Video player on ███ allows arbitrary remote videos to be played to U.S. Dept Of Defense - 21 upvotes, $0
  63. Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ to U.S. Dept Of Defense - 21 upvotes, $0
  64. Reflected XSS in https://www.██████/ to U.S. Dept Of Defense - 21 upvotes, $0
  65. Apache solr RCE via velocity template to U.S. Dept Of Defense - 21 upvotes, $0
  66. Full account takeover on https://████████.mil to U.S. Dept Of Defense - 21 upvotes, $0
  67. SSRF on █████████ Allowing internal server data access to U.S. Dept Of Defense - 20 upvotes, $0
  68. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ to U.S. Dept Of Defense - 20 upvotes, $0
  69. CSRF - Close Account to U.S. Dept Of Defense - 20 upvotes, $0
  70. IDOR to Account Takeover on https://████/index.html to U.S. Dept Of Defense - 20 upvotes, $0
  71. ███ exposes sensitive shipment information to public web to U.S. Dept Of Defense - 19 upvotes, $0
  72. Access to all █████████ files, including CAC authentication bypass to U.S. Dept Of Defense - 19 upvotes, $0
  73. Publicly accessible Order confirmations leaking User Emails on ███ to U.S. Dept Of Defense - 19 upvotes, $0
  74. Path traversal on https://███ allows arbitrary file read (CVE-2020-3452) to U.S. Dept Of Defense - 19 upvotes, $0
  75. [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ to U.S. Dept Of Defense - 19 upvotes, $0
  76. Reflected XSS on ███ to U.S. Dept Of Defense - 19 upvotes, $0
  77. [REMOTE] Full Account Takeover At https://██████████████/CAS/ to U.S. Dept Of Defense - 18 upvotes, $0
  78. Subdomain takeover of ████ to U.S. Dept Of Defense - 18 upvotes, $0
  79. Remote Code Execution on █████████ to U.S. Dept Of Defense - 18 upvotes, $0
  80. https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 18 upvotes, $0
  81. critical information disclosure to U.S. Dept Of Defense - 18 upvotes, $0
  82. Self stored Xss + Login Csrf to U.S. Dept Of Defense - 18 upvotes, $0
  83. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  84. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  85. Remote Code Execution (RCE) in DoD Websites to U.S. Dept Of Defense - 17 upvotes, $0
  86. ███████ Site Exposes █████████ forms to U.S. Dept Of Defense - 17 upvotes, $0
  87. Partial SSN exposed through Presentation slides on ██████████ to U.S. Dept Of Defense - 17 upvotes, $0
  88. PII leakage due to scrceenshot of health records to U.S. Dept Of Defense - 17 upvotes, $0
  89. Self XSS combine CSRF at https://████████/index.php to U.S. Dept Of Defense - 17 upvotes, $0
  90. XSS Reflect to POST █████ to U.S. Dept Of Defense - 17 upvotes, $0
  91. Blind SQL iNJECTION to U.S. Dept Of Defense - 17 upvotes, $0
  92. Misconfigured password reset vulnerability on a DoD website to U.S. Dept Of Defense - 16 upvotes, $0
  93. ███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 16 upvotes, $0
  94. Reflected XSS on https://█████████/ to U.S. Dept Of Defense - 16 upvotes, $0
  95. Arbitrary File Read at ███ via filename parameter to U.S. Dept Of Defense - 16 upvotes, $0
  96. Sensitive information about a ██████ to U.S. Dept Of Defense - 15 upvotes, $0
  97. Blind stored XSS due to insecure contact form at https://█████.mil leads to leakage of session token and to U.S. Dept Of Defense - 15 upvotes, $0
  98. Unauth RCE on Jenkins Instance at https://█████████/ to U.S. Dept Of Defense - 15 upvotes, $0
  99. Password Reset link hijacking via Host Header Poisoning leads to account takeover to U.S. Dept Of Defense - 15 upvotes, $0
  100. XSS via X-Forwarded-Host header to U.S. Dept Of Defense - 15 upvotes, $0
  101. IDOR while uploading ████ attachments at [█████████] to U.S. Dept Of Defense - 15 upvotes, $0
  102. RXSS - https://████████/ to U.S. Dept Of Defense - 15 upvotes, $0
  103. IDOR to U.S. Dept Of Defense - 15 upvotes, $0
  104. Blind SQLi vulnerability in a DoD Website to U.S. Dept Of Defense - 14 upvotes, $0
  105. IDOR on DoD Website exposes FTP users and passes linked to all accounts! to U.S. Dept Of Defense - 14 upvotes, $0
  106. Open FTP server on a DoD system to U.S. Dept Of Defense - 14 upvotes, $0
  107. PII leakage due to caching of Order/Contract ID's on █████████ to U.S. Dept Of Defense - 14 upvotes, $0
  108. Blind SQL injection on ████████ to U.S. Dept Of Defense - 14 upvotes, $0
  109. XSS on www.██████ alerts and a number of other pages to U.S. Dept Of Defense - 14 upvotes, $0
  110. [█████] — DOM-based XSS on endpoint /?s= to U.S. Dept Of Defense - 14 upvotes, $0
  111. Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 14 upvotes, $0
  112. Remote Code Execution via CVE-2019-18935 to U.S. Dept Of Defense - 14 upvotes, $0
  113. CSRF to account takeover in https://███████.mil/ to U.S. Dept Of Defense - 14 upvotes, $0
  114. Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak to U.S. Dept Of Defense - 14 upvotes, $0
  115. CSRF in https://███ to U.S. Dept Of Defense - 14 upvotes, $0
  116. Expired SSL Certificate allows credentials steal to U.S. Dept Of Defense - 14 upvotes, $0
  117. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  118. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  119. [Critical] Full local fylesystem access (LFI/LFD) as admin via Path Traversal in the misconfigured Java servlet on the https://███/ to U.S. Dept Of Defense - 13 upvotes, $0
  120. PII leakage-Full SSN on ███ to U.S. Dept Of Defense - 13 upvotes, $0
  121. http://████/data.json showing users sensitive information via json file to U.S. Dept Of Defense - 13 upvotes, $0
  122. SSN leak due to editable slides to U.S. Dept Of Defense - 13 upvotes, $0
  123. Previously Compromised PulseSSL VPN Hosts to U.S. Dept Of Defense - 13 upvotes, $0
  124. Exposed Docker Registry at https://████ to U.S. Dept Of Defense - 13 upvotes, $0
  125. [SQLI ]Time Bassed Injection at ██████████ via /██████/library.php?c=G14 parameter to U.S. Dept Of Defense - 13 upvotes, $0
  126. CSRF to Stored HTML injection at https://www.█████ to U.S. Dept Of Defense - 13 upvotes, $0
  127. DOM Based XSS on https://████ via backURL param to U.S. Dept Of Defense - 13 upvotes, $0
  128. Insufficient Session Expiration on Adobe Connect | https://█████████ to U.S. Dept Of Defense - 13 upvotes, $0
  129. Subdomain takeover [​████████] to U.S. Dept Of Defense - 13 upvotes, $0
  130. Unrestricted File Download / Path Traversal to U.S. Dept Of Defense - 12 upvotes, $0
  131. DOM Based XSS on an Army website to U.S. Dept Of Defense - 12 upvotes, $0
  132. SQL injections to U.S. Dept Of Defense - 12 upvotes, $0
  133. Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) to U.S. Dept Of Defense - 12 upvotes, $0
  134. No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service to U.S. Dept Of Defense - 12 upvotes, $0
  135. Old Session Does Not Expires After Password Change to U.S. Dept Of Defense - 12 upvotes, $0
  136. Administration Authentication Bypass on https://█████ to U.S. Dept Of Defense - 12 upvotes, $0
  137. Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  138. Local file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  139. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  140. MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass to U.S. Dept Of Defense - 11 upvotes, $0
  141. SQL Injection in Login Page: https://█████/█████████/login.php to U.S. Dept Of Defense - 11 upvotes, $0
  142. PII/PHI data available on web https://████████Portals/22/Documents/Meetings to U.S. Dept Of Defense - 11 upvotes, $0
  143. Unrestricted File Upload Leads to XSS & Potential RCE to U.S. Dept Of Defense - 11 upvotes, $0
  144. PII Leak of USCG Designated Examiner List at https://www.███ to U.S. Dept Of Defense - 11 upvotes, $0
  145. Sensitive Information Leaking Through DoD Owned Website https://www.█████.mil to U.S. Dept Of Defense - 11 upvotes, $0
  146. Blind Stored XSS on ███████ leads to takeover admin account to U.S. Dept Of Defense - 11 upvotes, $0
  147. Path Traversal - [ CVE-2020-3452 ] to U.S. Dept Of Defense - 11 upvotes, $0
  148. Reflected XSS at [████████] to U.S. Dept Of Defense - 11 upvotes, $0
  149. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 11 upvotes, $0
  150. All private support requests to ███████ are being disclosed at https://███████ to U.S. Dept Of Defense - 11 upvotes, $0
  151. Reflected Xss https://██████/ to U.S. Dept Of Defense - 11 upvotes, $0
  152. phpinfo() disclosure info to U.S. Dept Of Defense - 11 upvotes, $0
  153. XSS Reflected - ██████████ to U.S. Dept Of Defense - 11 upvotes, $0
  154. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  155. SQL injection on █████ due to tech.cfm to U.S. Dept Of Defense - 10 upvotes, $0
  156. RCE on https://█████/ Using CVE-2017-9248 to U.S. Dept Of Defense - 10 upvotes, $0
  157. CSRF - Modify Company Info to U.S. Dept Of Defense - 10 upvotes, $0
  158. (CORS) Cross-origin resource sharing misconfiguration to U.S. Dept Of Defense - 10 upvotes, $0
  159. Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd to U.S. Dept Of Defense - 10 upvotes, $0
  160. Unauthenticated Arbitrary File Deletion ("CVE-2020-3187") in ████████ to U.S. Dept Of Defense - 10 upvotes, $0
  161. IDOR + Account Takeover [UNAUTHENTICATED] to U.S. Dept Of Defense - 10 upvotes, $0
  162. CORS misconfiguration which leads to the disclosure to U.S. Dept Of Defense - 10 upvotes, $0
  163. Reflected XSS on https://████/ (Bypass of #1002977) to U.S. Dept Of Defense - 10 upvotes, $0
  164. Local File Inclusion In Registration Page to U.S. Dept Of Defense - 10 upvotes, $0
  165. Reflected XSS In https://███████ to U.S. Dept Of Defense - 10 upvotes, $0
  166. critical information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
  167. CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 10 upvotes, $0
  168. Git repo on https://██████.mil/ discloses API password to U.S. Dept Of Defense - 10 upvotes, $0
  169. External Service Interaction (HTTP/DNS) on https://www.███ (██████████ parameter) to U.S. Dept Of Defense - 10 upvotes, $0
  170. Improper Access Control - Generic on https://████ to U.S. Dept Of Defense - 10 upvotes, $0
  171. https://████ is vulnerable to cve-2020-3452 to U.S. Dept Of Defense - 10 upvotes, $0
  172. Reflected XSS on https://██████ to U.S. Dept Of Defense - 10 upvotes, $0
  173. Reflected XSS through clickjacking at https://████ to U.S. Dept Of Defense - 10 upvotes, $0
  174. Reflected XSS through ClickJacking to U.S. Dept Of Defense - 10 upvotes, $0
  175. Rxss on █████████ via logout?service=javascript:alert(1) to U.S. Dept Of Defense - 10 upvotes, $0
  176. Broken Authentication to U.S. Dept Of Defense - 10 upvotes, $0
  177. Full account takeover in ███████ due lack of rate limiting in forgot password to U.S. Dept Of Defense - 10 upvotes, $0
  178. Privilege Escalation on a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  179. Authentication bypass vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  180. Reflected XSS on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  181. Personal information disclosure on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  182. Blind SQLi in a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  183. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  184. Path traversal on ████████ to U.S. Dept Of Defense - 9 upvotes, $0
  185. [CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc to U.S. Dept Of Defense - 9 upvotes, $0
  186. Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform to U.S. Dept Of Defense - 9 upvotes, $0
  187. SSN is exposed on slides, previous critical report was not fixed in an appropriate way to U.S. Dept Of Defense - 9 upvotes, $0
  188. Reflected XSS on ███████ to U.S. Dept Of Defense - 9 upvotes, $0
  189. Reflected XSS www.█████ search form to U.S. Dept Of Defense - 9 upvotes, $0
  190. IDOR leads to Leakage an ██████████ Login Information to U.S. Dept Of Defense - 9 upvotes, $0
  191. Reflected XSS at https://████████/███/... to U.S. Dept Of Defense - 9 upvotes, $0
  192. ███ on https://████ enable ███ scraping, injection, stored XSS to U.S. Dept Of Defense - 9 upvotes, $0
  193. Reflected XSS to U.S. Dept Of Defense - 9 upvotes, $0
  194. XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil to U.S. Dept Of Defense - 9 upvotes, $0
  195. CSRF Based XSS @ https://██████████ to U.S. Dept Of Defense - 9 upvotes, $0
  196. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 9 upvotes, $0
  197. Reflected XSS in a Navy website to U.S. Dept Of Defense - 8 upvotes, $0
  198. Reflected XSS on an Army website to U.S. Dept Of Defense - 8 upvotes, $0
  199. Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
  200. Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
  201. File upload vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  202. Remote code execution (RCE) in multiple DoD websites to U.S. Dept Of Defense - 8 upvotes, $0
  203. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  204. [Critical] Possibility to takeover any user account #2 without interaction on the https://██████████ to U.S. Dept Of Defense - 8 upvotes, $0
  205. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  206. SSRF in ███████ to U.S. Dept Of Defense - 8 upvotes, $0
  207. Server-Side Request Forgery (SSRF) to U.S. Dept Of Defense - 8 upvotes, $0
  208. [███] SQL injection & Reflected XSS to U.S. Dept Of Defense - 8 upvotes, $0
  209. PII Leak via https://████████ to U.S. Dept Of Defense - 8 upvotes, $0
  210. Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE to U.S. Dept Of Defense - 8 upvotes, $0
  211. xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php to U.S. Dept Of Defense - 8 upvotes, $0
  212. RCE (Remote code execution) in one of DoD's websites to U.S. Dept Of Defense - 8 upvotes, $0
  213. Сode injection host █████████ to U.S. Dept Of Defense - 8 upvotes, $0
  214. Stored XSS via Comment Form at ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  215. SQLi in login form of █████ to U.S. Dept Of Defense - 8 upvotes, $0
  216. DOM XSS on https://www.███████ to U.S. Dept Of Defense - 8 upvotes, $0
  217. Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████ to U.S. Dept Of Defense - 8 upvotes, $0
  218. PII Information Leak at https://████████.mil/ to U.S. Dept Of Defense - 8 upvotes, $0
  219. PII Leak via /████████ to U.S. Dept Of Defense - 8 upvotes, $0
  220. XML Injection on https://www.█████████ (███ parameter) to U.S. Dept Of Defense - 8 upvotes, $0
  221. RCE in ██████ subdomain via CVE-2017-1000486 to U.S. Dept Of Defense - 8 upvotes, $0
  222. Reflected XSS at www.███████ at /██████████ via the ████████ parameter to U.S. Dept Of Defense - 8 upvotes, $0
  223. Unauthorized access to admin panel of the Questionmark Perception system at https://██████████ to U.S. Dept Of Defense - 8 upvotes, $0
  224. SQLi on █████████ to U.S. Dept Of Defense - 8 upvotes, $0
  225. XSS on ███ to U.S. Dept Of Defense - 8 upvotes, $0
  226. Cache Posioning leading to denial of service at █████████ - Bypass fix from report #1198434 to U.S. Dept Of Defense - 8 upvotes, $0
  227. Unauthenticated Access to Admin Panel Functions at https://███████/███ to U.S. Dept Of Defense - 8 upvotes, $0
  228. CSRF - Delete Account (Urgent) to U.S. Dept Of Defense - 8 upvotes, $0
  229. SQL Injection on █████ to U.S. Dept Of Defense - 8 upvotes, $0
  230. Reflected XSS on a Navy website to U.S. Dept Of Defense - 7 upvotes, $0
  231. SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  232. QuickTime Promotion on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  233. Exposed Access Control Data Backup Files on DoD Website to U.S. Dept Of Defense - 7 upvotes, $0
  234. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  235. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  236. Remote Command Execution on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  237. Bypass file access control vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  238. XSS on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  239. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  240. Insecure direct object reference vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  241. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  242. Reflected XSS on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  243. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  244. Server-side include injection vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  245. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  246. Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  247. Insecure Direct Object Reference (IDOR) vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  248. X-XSS-Protection -> Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
  249. Root Remote Code Execution on https://███ to U.S. Dept Of Defense - 7 upvotes, $0
  250. Information Disclosure (can access all ███s) within ███████ view █████████ Portal to U.S. Dept Of Defense - 7 upvotes, $0
  251. Exposed ███████ Administrative Interface (ColdFusion 11) to U.S. Dept Of Defense - 7 upvotes, $0
  252. Corda Server XSS ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  253. [████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) to U.S. Dept Of Defense - 7 upvotes, $0
  254. Unrestricted File Upload to U.S. Dept Of Defense - 7 upvotes, $0
  255. Null byte Injection in https://████/ to U.S. Dept Of Defense - 7 upvotes, $0
  256. SharePoint Web Services Exposed to Anonymous Access Users to U.S. Dept Of Defense - 7 upvotes, $0
  257. CSRF to account takeover in https://█████/ to U.S. Dept Of Defense - 7 upvotes, $0
  258. {███} It is posible download all information and files via S3 Bucket Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
  259. SQL Injection in www.██████████ to U.S. Dept Of Defense - 7 upvotes, $0
  260. Reflected XSS on https://█████████html?url to U.S. Dept Of Defense - 7 upvotes, $0
  261. CVE 2020 14179 on jira instance to U.S. Dept Of Defense - 7 upvotes, $0
  262. Password Cracking - Weak Password Used to Secure ████ Containing a Plaintext Password to U.S. Dept Of Defense - 7 upvotes, $0
  263. SSRF due to CVE-2021-26855 on ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  264. Reflected XSS on ███████ to U.S. Dept Of Defense - 7 upvotes, $0
  265. Website vulnerable to POODLE (SSLv3) with expired certificate to U.S. Dept Of Defense - 7 upvotes, $0
  266. IDOR on https://██████ via POST UID enables database scraping to U.S. Dept Of Defense - 7 upvotes, $0
  267. ████████ portal is open to enumeration once authenticated. Session ID's appear static. All PII available once a valid session ID is found. to U.S. Dept Of Defense - 7 upvotes, $0
  268. Cross site scripting to U.S. Dept Of Defense - 7 upvotes, $0
  269. RXSS - ████ to U.S. Dept Of Defense - 7 upvotes, $0
  270. AWS subdomain takeover of www.███████ to U.S. Dept Of Defense - 7 upvotes, $0
  271. Cross-site Scripting (XSS) - Reflected at https://██████████/ to U.S. Dept Of Defense - 7 upvotes, $0
  272. Reflected XSS on [█████████] to U.S. Dept Of Defense - 7 upvotes, $0
  273. Information leakage on a Department of Defense website to U.S. Dept Of Defense - 6 upvotes, $0
  274. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  275. Remote file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  276. HTML injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  277. Reflected XSS in a DoD Website to U.S. Dept Of Defense - 6 upvotes, $0
  278. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  279. Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  280. Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  281. Violation of secure design principles on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  282. Limited code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  283. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  284. Remote Code Execution (RCE) vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  285. Account takeover due to CSRF in "Account details" option on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
  286. ██████ Authenticated User Data Disclosure to U.S. Dept Of Defense - 6 upvotes, $0
  287. SQL Injection in the get_publications.php on the https://█████ to U.S. Dept Of Defense - 6 upvotes, $0
  288. SSRF on ████████ to U.S. Dept Of Defense - 6 upvotes, $0
  289. Out-of-date Version (Apache) to U.S. Dept Of Defense - 6 upvotes, $0
  290. Open FTP on ███ to U.S. Dept Of Defense - 6 upvotes, $0
  291. Default page exposes admin functions and all metods and classes available. on https://██████/█████/dwr/index.html to U.S. Dept Of Defense - 6 upvotes, $0
  292. Admin Salt Leakage on DoD site. to U.S. Dept Of Defense - 6 upvotes, $0
  293. LDAP Injection at ██████ to U.S. Dept Of Defense - 6 upvotes, $0
  294. Partial PII leakage due to public set gitlab to U.S. Dept Of Defense - 6 upvotes, $0
  295. [█████] Get all tickets (IDOR) to U.S. Dept Of Defense - 6 upvotes, $0
  296. ██████████ bruteforceable RIC Codes allowing information on contracts to U.S. Dept Of Defense - 6 upvotes, $0
  297. [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action to U.S. Dept Of Defense - 6 upvotes, $0
  298. Full Account Take-Over of ████████ Members via IDOR to U.S. Dept Of Defense - 6 upvotes, $0
  299. [Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator to U.S. Dept Of Defense - 6 upvotes, $0
  300. Stored XSS at ██████userprofile.aspx to U.S. Dept Of Defense - 6 upvotes, $0
  301. ███████mill is vulnerable to cross site request forgery that leads to full account take over. to U.S. Dept Of Defense - 6 upvotes, $0
  302. Stored XSS at https://www.█████████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  303. Stored XSS via 64(?) vulnerable fields in ███ leads to credential theft/account takeover to U.S. Dept Of Defense - 6 upvotes, $0
  304. Bypassed a fix to gain access to PII of more than 100 Officers to U.S. Dept Of Defense - 6 upvotes, $0
  305. Second Order XSS via █████ to U.S. Dept Of Defense - 6 upvotes, $0
  306. Read-only path traversal (CVE-2020-3452) at https://██████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  307. Reflected XSS on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
  308. Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site to U.S. Dept Of Defense - 6 upvotes, $0
  309. CVE-2019-3403 on https://████/rest/api/2/user/picker?query= to U.S. Dept Of Defense - 6 upvotes, $0
  310. Elmah.axd is publicly accessible leaking Error Log to U.S. Dept Of Defense - 6 upvotes, $0
  311. [www.███] Reflected Cross-Site Scripting to U.S. Dept Of Defense - 6 upvotes, $0
  312. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 6 upvotes, $0
  313. Reflected XSS at https://█████ via "██████████" parameter to U.S. Dept Of Defense - 6 upvotes, $0
  314. Open Akamai ARL XSS at ████████ to U.S. Dept Of Defense - 6 upvotes, $0
  315. SQL Injection in █████ to U.S. Dept Of Defense - 6 upvotes, $0
  316. Open Akamai ARL XSS at ████████ to U.S. Dept Of Defense - 6 upvotes, $0
  317. ██████████ vulnerable to CVE-2022-22954 to U.S. Dept Of Defense - 6 upvotes, $0
  318. lfi in filePathDownload parameter via ███████ to U.S. Dept Of Defense - 6 upvotes, $0
  319. XSS vulnerability on an Army website to U.S. Dept Of Defense - 5 upvotes, $0
  320. Open Redirect in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  321. Cross-site request forgery vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  322. Password reset vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  323. Remote command execution (RCE) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  324. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  325. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  326. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  327. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  328. Open redirect vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  329. Reflected cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  330. Default credentials on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  331. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  332. Server Side Request Forgery (SSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  333. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  334. https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass to U.S. Dept Of Defense - 5 upvotes, $0
  335. sql injection on /messagecenter/messagingcenter at https://www.███████/ to U.S. Dept Of Defense - 5 upvotes, $0
  336. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  337. Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████ to U.S. Dept Of Defense - 5 upvotes, $0
  338. HTML Injection on ████ to U.S. Dept Of Defense - 5 upvotes, $0
  339. SharePoint exposed web services to U.S. Dept Of Defense - 5 upvotes, $0
  340. SharePoint exposed web services to U.S. Dept Of Defense - 5 upvotes, $0
  341. Email PII disclosure due to Insecure Password Reset field to U.S. Dept Of Defense - 5 upvotes, $0
  342. File Upload Restriction Bypass to U.S. Dept Of Defense - 5 upvotes, $0
  343. [██████████] Unauthorized access to admin panel to U.S. Dept Of Defense - 5 upvotes, $0
  344. Reflected XSS and HTML Injectionon a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  345. CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. to U.S. Dept Of Defense - 5 upvotes, $0
  346. Cross Site Scripting (XSS) – Reflected to U.S. Dept Of Defense - 5 upvotes, $0
  347. External Service Interaction | https://█████████.mil to U.S. Dept Of Defense - 5 upvotes, $0
  348. https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 5 upvotes, $0
  349. View another user information with IDOR vulnerability to U.S. Dept Of Defense - 5 upvotes, $0
  350. PHP info page disclosure to U.S. Dept Of Defense - 5 upvotes, $0
  351. Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak to U.S. Dept Of Defense - 5 upvotes, $0
  352. Improper Access Controls Allow PII Leak via ████ to U.S. Dept Of Defense - 5 upvotes, $0
  353. Knowledge Base Articles are Globally Modifiable via ██████ to U.S. Dept Of Defense - 5 upvotes, $0
  354. Support incident can be opened for any user via /███████ and PII leak via █████████ field to U.S. Dept Of Defense - 5 upvotes, $0
  355. Arbitrary file upload and stored XSS via ███ support request to U.S. Dept Of Defense - 5 upvotes, $0
  356. Access to requests and approvals via /█████ allows sensitive information gathering to U.S. Dept Of Defense - 5 upvotes, $0
  357. HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] to U.S. Dept Of Defense - 5 upvotes, $0
  358. CRXDE Lite/CRX is on ██████ exposed that leads to PII disclosure to U.S. Dept Of Defense - 5 upvotes, $0
  359. RXSS - https://███/ to U.S. Dept Of Defense - 5 upvotes, $0
  360. Blind Stored XSS on https://█████████ after filling a request at https://█████ to U.S. Dept Of Defense - 5 upvotes, $0
  361. param allows any external resource to be downloadable | https://████████ to U.S. Dept Of Defense - 5 upvotes, $0
  362. reflected xss @ www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  363. Reflected XSS in https://██████████ via "████████" parameter to U.S. Dept Of Defense - 5 upvotes, $0
  364. [█████████] Reflected Cross-Site Scripting Vulnerability to U.S. Dept Of Defense - 5 upvotes, $0
  365. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 5 upvotes, $0
  366. S3 bucket listing/download to U.S. Dept Of Defense - 5 upvotes, $0
  367. Subdomain takeover of ███ to U.S. Dept Of Defense - 5 upvotes, $0
  368. Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 5 upvotes, $0
  369. ███████ - XSS - CVE-2020-3580 to U.S. Dept Of Defense - 5 upvotes, $0
  370. XSS on https://████/ via ███████ parameter to U.S. Dept Of Defense - 5 upvotes, $0
  371. [CVE-2020-3452] on ███████ to U.S. Dept Of Defense - 5 upvotes, $0
  372. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 5 upvotes, $0
  373. Persistent XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  374. Cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  375. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  376. Arbitrary Script Injection (Mail) in a DoD Website to U.S. Dept Of Defense - 4 upvotes, $0
  377. Stored cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  378. HTML Injection/Load Images vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  379. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  380. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  381. Cross-Site Scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  382. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  383. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  384. Server side information disclosure on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  385. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  386. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  387. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  388. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  389. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  390. Cross-site request forgery (CSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  391. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  392. Information disclosure vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  393. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  394. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  395. SQL injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  396. Reflective XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  397. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  398. Stored cross site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  399. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  400. Remote Code Execution (RCE) vulnerability in multiple DoD websites to U.S. Dept Of Defense - 4 upvotes, $0
  401. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  402. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  403. Cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  404. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  405. Remote OS command Execution in the 3 more Oracle Weblogic on the ████████, ████, ███████ [CVE-2017-10352] to U.S. Dept Of Defense - 4 upvotes, $0
  406. Admin panel take over | User info leakage | Mass Comprimise to U.S. Dept Of Defense - 4 upvotes, $0
  407. Code reversion allowing SQLI again in ███████ to U.S. Dept Of Defense - 4 upvotes, $0
  408. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  409. CRLF Injection on ███████ to U.S. Dept Of Defense - 4 upvotes, $0
  410. WebLogic Server Side Request Forgery to U.S. Dept Of Defense - 4 upvotes, $0
  411. [████████] Reflected XSS to U.S. Dept Of Defense - 4 upvotes, $0
  412. [███████] Reflected GET XSS (/mission.php?...&missionDate=*) to U.S. Dept Of Defense - 4 upvotes, $0
  413. Firewall rules for ████████ can be bypassed to leak site authors to U.S. Dept Of Defense - 4 upvotes, $0
  414. Internal IP Address Disclosed to U.S. Dept Of Defense - 4 upvotes, $0
  415. idor on upload profile functionality to U.S. Dept Of Defense - 4 upvotes, $0
  416. Application level DoS via xmlrpc.php to U.S. Dept Of Defense - 4 upvotes, $0
  417. Unrestricted file upload leads to stored xss on https://████████/ to U.S. Dept Of Defense - 4 upvotes, $0
  418. [██████████.mil] Cisco VPN Service Path Traversal to U.S. Dept Of Defense - 4 upvotes, $0
  419. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 4 upvotes, $0
  420. hardcoded password stored in javascript of https://████.mil to U.S. Dept Of Defense - 4 upvotes, $0
  421. Able to authenticate as administrator by navigating to https://█████/admin/ to U.S. Dept Of Defense - 4 upvotes, $0
  422. Insecure ███████ credentials on staging app at ████ leads to application takeover to U.S. Dept Of Defense - 4 upvotes, $0
  423. PII Leak of ████████ Personal at https://www.█████████ to U.S. Dept Of Defense - 4 upvotes, $0
  424. Dashboard sharing enables code injection into ████ emails to U.S. Dept Of Defense - 4 upvotes, $0
  425. PII Leak via /███████ to U.S. Dept Of Defense - 4 upvotes, $0
  426. PII Leak via /██████ to U.S. Dept Of Defense - 4 upvotes, $0
  427. Information Disclosure(PHPINFO/Credentials) on DoD Asset to U.S. Dept Of Defense - 4 upvotes, $0
  428. Stored XSS through name / last name on https://██████████/ to U.S. Dept Of Defense - 4 upvotes, $0
  429. Self XSS + CSRF Leads to Reflected XSS in https://████/ to U.S. Dept Of Defense - 4 upvotes, $0
  430. Misconfigured AWS S3 bucket leaks senstive data such of admin, Prdouction,beta, localhost and many more directories.... to U.S. Dept Of Defense - 4 upvotes, $0
  431. CVE-2021-26855 on ████████ resulting in SSRF to U.S. Dept Of Defense - 4 upvotes, $0
  432. Read-only path traversal (CVE-2020-3452) at https://█████ to U.S. Dept Of Defense - 4 upvotes, $0
  433. Read-only path traversal (CVE-2020-3452) at https://████████ to U.S. Dept Of Defense - 4 upvotes, $0
  434. xss on https://███████(█████████ parameter) to U.S. Dept Of Defense - 4 upvotes, $0
  435. XSS due to CVE-2020-3580 [██████] to U.S. Dept Of Defense - 4 upvotes, $0
  436. Path traversal on [███] to U.S. Dept Of Defense - 4 upvotes, $0
  437. Wrong settings in ADF Faces leads to information disclosure to U.S. Dept Of Defense - 4 upvotes, $0
  438. ██████████ running a vulnerable log4j to U.S. Dept Of Defense - 4 upvotes, $0
  439. default ████ creds on https://████████ to U.S. Dept Of Defense - 4 upvotes, $0
  440. Reflected XSS at https://█████████ via "███" parameter to U.S. Dept Of Defense - 4 upvotes, $0
  441. Broken access control, can lead to legitimate user data loss to U.S. Dept Of Defense - 4 upvotes, $0
  442. username and password leaked via pptx for █████████ website to U.S. Dept Of Defense - 4 upvotes, $0
  443. ███ vulnerable to CVE-2022-22954 to U.S. Dept Of Defense - 4 upvotes, $0
  444. Blind SQL Injection to U.S. Dept Of Defense - 4 upvotes, $0
  445. DNS Misconfiguration to U.S. Dept Of Defense - 3 upvotes, $0
  446. Server side information disclosure to U.S. Dept Of Defense - 3 upvotes, $0
  447. XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  448. Potentially sensitive information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  449. Misconfigured user account settings on DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  450. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  451. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  452. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  453. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  454. DOM Based XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  455. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  456. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  457. Cross-site request forgery (CSRF) vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  458. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  459. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  460. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  461. Online training material disclosing username and password to U.S. Dept Of Defense - 3 upvotes, $0
  462. https://████████ Impacted by DNN ImageHandler SSRF to U.S. Dept Of Defense - 3 upvotes, $0
  463. ████████ SQL to U.S. Dept Of Defense - 3 upvotes, $0
  464. Attackers can control which security questions they are presented (████████) to U.S. Dept Of Defense - 3 upvotes, $0
  465. Critical information disclosure at https://█████████ to U.S. Dept Of Defense - 3 upvotes, $0
  466. SQL injection on https://███████ to U.S. Dept Of Defense - 3 upvotes, $0
  467. Insecure Direct Object Reference on in-scope .mil website to U.S. Dept Of Defense - 3 upvotes, $0
  468. Sensitive Email disclosure Due to Insecure Reactivate Account field to U.S. Dept Of Defense - 3 upvotes, $0
  469. Able to view Backend Database dur to improper authentication to U.S. Dept Of Defense - 3 upvotes, $0
  470. █████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
  471. █████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
  472. [██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action to U.S. Dept Of Defense - 3 upvotes, $0
  473. ████ █████ exposes highly sensitive information to public to U.S. Dept Of Defense - 3 upvotes, $0
  474. █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files to U.S. Dept Of Defense - 3 upvotes, $0
  475. Improper Neutralization of Input During Web Page Generation to U.S. Dept Of Defense - 3 upvotes, $0
  476. No ACL on S3 Bucket in [https://www.██████████/] to U.S. Dept Of Defense - 3 upvotes, $0
  477. Domian Takeover in [███████] to U.S. Dept Of Defense - 3 upvotes, $0
  478. [████████] — XSS on /███████_flight/images via advanced_val parameter to U.S. Dept Of Defense - 3 upvotes, $0
  479. XSS Reflected to U.S. Dept Of Defense - 3 upvotes, $0
  480. HTML Injection leads to XSS on███ to U.S. Dept Of Defense - 3 upvotes, $0
  481. Reflected XSS on ███████ page to U.S. Dept Of Defense - 3 upvotes, $0
  482. [████] SQL Injections on Referer Header exploitable via Time-Based method to U.S. Dept Of Defense - 3 upvotes, $0
  483. Reflected XSS in https://███████ via search parameter to U.S. Dept Of Defense - 3 upvotes, $0
  484. PII Leak (such as CAC User ID) at https://████████/pages/login.aspx to U.S. Dept Of Defense - 3 upvotes, $0
  485. Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert to U.S. Dept Of Defense - 3 upvotes, $0
  486. Able to log in with default ██████g creds at https█████████████████████.mil to U.S. Dept Of Defense - 3 upvotes, $0
  487. POST based RXSS on https://█████ via frm_email parameter to U.S. Dept Of Defense - 3 upvotes, $0
  488. Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
  489. Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
  490. System Error Reveals Sensitive SQL Call Data to U.S. Dept Of Defense - 3 upvotes, $0
  491. Members Personal Information Leak Due to IDOR to U.S. Dept Of Defense - 3 upvotes, $0
  492. Cache Posioning leading do Denial of Service on www.█████████ to U.S. Dept Of Defense - 3 upvotes, $0
  493. SQL injection located in ███ in POST param ████████ to U.S. Dept Of Defense - 3 upvotes, $0
  494. Unauthorized access to PII leads to MASS account Takeover to U.S. Dept Of Defense - 3 upvotes, $0
  495. Reflected XSS at https://██████/██████████ via "████████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
  496. Reflected XSS at https://██████/██████ via "██████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
  497. CUI Labelled document out in the open to U.S. Dept Of Defense - 3 upvotes, $0
  498. Military name,email,phone,address,certdata Disclosure to U.S. Dept Of Defense - 3 upvotes, $0
  499. XSS Reflected - ███ to U.S. Dept Of Defense - 3 upvotes, $0
  500. XSS on https://██████/███ via █████ parameter to U.S. Dept Of Defense - 3 upvotes, $0
  501. SSRF due to CVE-2021-27905 in www.████████ to U.S. Dept Of Defense - 3 upvotes, $0
  502. Reflected XSS [██████] to U.S. Dept Of Defense - 3 upvotes, $0
  503. SQL Injection on https://████████/ to U.S. Dept Of Defense - 3 upvotes, $0
  504. [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████ to U.S. Dept Of Defense - 2 upvotes, $3000
  505. Information disclosure on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  506. Reflected XSS vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  507. Stored XSS vulnerability on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  508. Reflected XSS on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  509. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  510. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  511. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  512. 2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 to U.S. Dept Of Defense - 2 upvotes, $0
  513. Illegal account registration in ████████ to U.S. Dept Of Defense - 2 upvotes, $0
  514. Multiple cryptographic vulnerabilities in login page on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
  515. Exposed FTP Credentials on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
  516. Blind SQL Injection on DoD Site to U.S. Dept Of Defense - 2 upvotes, $0
  517. Sensitive Information Leaking Through DoD Owned Website. [██████████] to U.S. Dept Of Defense - 2 upvotes, $0
  518. Followup - SQL Injection - https://██████████/██████/MSI.portal to U.S. Dept Of Defense - 2 upvotes, $0
  519. CORS Misconfiguration Leads to Exposing User Data to U.S. Dept Of Defense - 2 upvotes, $0
  520. Padding Oracle ms10-070 in the a DoD website (https://██████/) to U.S. Dept Of Defense - 2 upvotes, $0
  521. Admin Login Credential Leak for DoD Gitlab EE instance to U.S. Dept Of Defense - 2 upvotes, $0
  522. Username&password is Disclosure in readme file in [https://█████████] to U.S. Dept Of Defense - 2 upvotes, $0
  523. Sensitive Information Leaking Through DARPA Website. [█████████] to U.S. Dept Of Defense - 2 upvotes, $0
  524. Sensitive Information Leaking Through Navy Website. [█████] to U.S. Dept Of Defense - 2 upvotes, $0
  525. Reflected XSS on https://███████/ to U.S. Dept Of Defense - 2 upvotes, $0
  526. SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 2 upvotes, $0
  527. Reflected XSS - https://███ to U.S. Dept Of Defense - 2 upvotes, $0
  528. [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol! to U.S. Dept Of Defense - 2 upvotes, $0
  529. [CVE-2021-29156] LDAP Injection at https://██████ to U.S. Dept Of Defense - 2 upvotes, $0
  530. Sensitive information on ██████████ to U.S. Dept Of Defense - 2 upvotes, $0
  531. System Error Reveals SQL Information to U.S. Dept Of Defense - 2 upvotes, $0
  532. Information disclosure at '████████' --- CVE-2020-14179 to U.S. Dept Of Defense - 2 upvotes, $0
  533. RXSS Via URI Path - https://██████████/ to U.S. Dept Of Defense - 2 upvotes, $0
  534. Reflected XSS in https://███████ via hidden parameter "████████" to U.S. Dept Of Defense - 2 upvotes, $0
  535. ███ ████████ running a vulnerable log4j to U.S. Dept Of Defense - 2 upvotes, $0
  536. Reflected XSS at https://██████████/████████ via "███████" parameter to U.S. Dept Of Defense - 2 upvotes, $0
  537. XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags to U.S. Dept Of Defense - 2 upvotes, $0
  538. IDOR - Delete Users Saved Projects to U.S. Dept Of Defense - 2 upvotes, $0
  539. Authorization bypass -> IDOR -> PII Leakage to U.S. Dept Of Defense - 2 upvotes, $0
  540. CORS Misconfiguration to U.S. Dept Of Defense - 2 upvotes, $0
  541. SQL INJECTION in https://████/██████████ to U.S. Dept Of Defense - 2 upvotes, $0
  542. Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████ to U.S. Dept Of Defense - 2 upvotes, $0
  543. Reflected XSS [███] to U.S. Dept Of Defense - 2 upvotes, $0
  544. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 2 upvotes, $0
  545. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 2 upvotes, $0
  546. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
  547. SQL injection found in US Navy Website (http://███/) to U.S. Dept Of Defense - 1 upvotes, $0
  548. Access to job creation web page on http://████████ to U.S. Dept Of Defense - 1 upvotes, $0
  549. Content-Injection/XSS ████ to U.S. Dept Of Defense - 1 upvotes, $0
  550. █████ - Pre-generation of VIEWSTATE allows CAC bypass to U.S. Dept Of Defense - 1 upvotes, $0
  551. [https://███] Local File Inclusion via graph.php to U.S. Dept Of Defense - 1 upvotes, $0
  552. Publicly accessible Grafana install allows pivoting to Prometheus datasource to U.S. Dept Of Defense - 1 upvotes, $0
  553. Unencrypted __VIEWSTATE parameter in a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
  554. PulseSSL VPN Site with Compromised Creds @ ████ to U.S. Dept Of Defense - 1 upvotes, $0
  555. https://█████ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 1 upvotes, $0
  556. Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 1 upvotes, $0
  557. SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 1 upvotes, $0
  558. Register with non accepted email types on https://███████ to U.S. Dept Of Defense - 1 upvotes, $0
  559. Reflected XSS on https://█████ to U.S. Dept Of Defense - 1 upvotes, $0
  560. xss reflected on https://███████- (███ parameters) to U.S. Dept Of Defense - 1 upvotes, $0
  561. XSS Reflected on https://███ (███ parameter) to U.S. Dept Of Defense - 1 upvotes, $0
  562. CUI labled and ████ and ██████ Restricted ██████ intelligence to U.S. Dept Of Defense - 1 upvotes, $0
  563. https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability) to U.S. Dept Of Defense - 1 upvotes, $0
  564. XSS due to CVE-2020-3580 [███] to U.S. Dept Of Defense - 1 upvotes, $0
  565. Reflected XSS at ████ via ██████████= parameter to U.S. Dept Of Defense - 1 upvotes, $0
  566. Reflected XSS on https://███/████via hidden parameter "█████████" to U.S. Dept Of Defense - 1 upvotes, $0
  567. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 1 upvotes, $0
  568. RXSS ON https://██████████ to U.S. Dept Of Defense - 1 upvotes, $0
  569. (CORS) Cross-origin resource sharing misconfiguration on https://█████████ to U.S. Dept Of Defense - 1 upvotes, $0
  570. XSS because of Akamai ARL misconfiguration on ████ to U.S. Dept Of Defense - 1 upvotes, $0
  571. CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████ to U.S. Dept Of Defense - 1 upvotes, $0
  572. Reflected XSS - in Email Input to U.S. Dept Of Defense - 1 upvotes, $0
  573. CSRF - Modify User Settings with one click - Account TakeOver to U.S. Dept Of Defense - 1 upvotes, $0
  574. Arbitrary File Deletion (CVE-2020-3187) on ████████ to U.S. Dept Of Defense - 1 upvotes, $0
  575. CVE-2020-3452 on https://█████/ to U.S. Dept Of Defense - 1 upvotes, $0
  576. Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https://███/ to U.S. Dept Of Defense - 1 upvotes, $0
  577. XSS on https://███████/██████████ parameter to U.S. Dept Of Defense - 1 upvotes, $0
  578. XSS on https://████████/████' parameter to U.S. Dept Of Defense - 1 upvotes, $0
  579. [www.█████] Path-based reflected Cross Site Scripting to U.S. Dept Of Defense - 1 upvotes, $0
  580. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 1 upvotes, $0
  581. Two Error-Based SQLi in courses.aspx on ██████████ to U.S. Dept Of Defense - 0 upvotes, $0
  582. SQL Injection - https://███/█████████/MSI.portal to U.S. Dept Of Defense - 0 upvotes, $0
  583. [██████████] — Directory traversal via /aerosol-bin/███████/display_directory_████_t.cgi to U.S. Dept Of Defense - 0 upvotes, $0
  584. Stored XSS on ████████helpdesk to U.S. Dept Of Defense - 0 upvotes, $0
  585. Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil to U.S. Dept Of Defense - 0 upvotes, $0
  586. SSRF in login page using fetch API exposes victims IP address to attacker controled server to U.S. Dept Of Defense - 0 upvotes, $0
  587. XSS due to CVE-2020-3580 [███.mil] to U.S. Dept Of Defense - 0 upvotes, $0
  588. Sensitive information on '████████' to U.S. Dept Of Defense - 0 upvotes, $0
  589. CUI labled and ████ Restricted pdf on █████ to U.S. Dept Of Defense - 0 upvotes, $0