Skip to content

Latest commit

 

History

History
798 lines (797 loc) · 115 KB

TOPUSDEPTOFDEFENSE.md

File metadata and controls

798 lines (797 loc) · 115 KB

Top reports from U.S. Dept Of Defense program at HackerOne:

  1. Stored Xss Vulnerability on ████████ to U.S. Dept Of Defense - 187 upvotes, $0
  2. Bypassing CORS Misconfiguration Leads to Sensitive Exposure to U.S. Dept Of Defense - 143 upvotes, $0
  3. Public instance of Jenkins on https://██████████/ with /script enabled to U.S. Dept Of Defense - 113 upvotes, $0
  4. [hta3] Remote Code Execution on ████ to U.S. Dept Of Defense - 101 upvotes, $0
  5. Wordpress Takeover using setup configuration at http://████.edu [HtUS] to U.S. Dept Of Defense - 99 upvotes, $1000
  6. [███████] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 94 upvotes, $0
  7. XXE in DoD website that may lead to RCE to U.S. Dept Of Defense - 93 upvotes, $0
  8. Remote Code Execution in ██████ to U.S. Dept Of Defense - 93 upvotes, $0
  9. LOGJ4 VUlnerability [HtUS] to U.S. Dept Of Defense - 92 upvotes, $1000
  10. Lack of rate limiting in https://███/PKI/PassReset.aspx leads to PII disclosure and potential account takeover to U.S. Dept Of Defense - 89 upvotes, $0
  11. [SQLI ]Time Bassed Injection at ██████████ via referer header to U.S. Dept Of Defense - 86 upvotes, $0
  12. Time based SQL injection at████████ to U.S. Dept Of Defense - 84 upvotes, $0
  13. ███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions to U.S. Dept Of Defense - 84 upvotes, $0
  14. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 83 upvotes, $0
  15. User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx to U.S. Dept Of Defense - 81 upvotes, $0
  16. SQL Injection on www.██████████ on countID parameter to U.S. Dept Of Defense - 79 upvotes, $0
  17. SQL Injection to U.S. Dept Of Defense - 74 upvotes, $0
  18. SQL Injection in ████ to U.S. Dept Of Defense - 71 upvotes, $0
  19. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 70 upvotes, $0
  20. RCE on █████ via CVE-2017-10271 to U.S. Dept Of Defense - 68 upvotes, $0
  21. Blind Sql Injection in https://████ to U.S. Dept Of Defense - 67 upvotes, $0
  22. [█████████] Administrative access to Oracle WebLogic Server using default credentials to U.S. Dept Of Defense - 63 upvotes, $0
  23. Full account takeover of any user through reset password to U.S. Dept Of Defense - 63 upvotes, $0
  24. Unauthenticated LFI (Local File Inclusion) using the symbol ! At the target https://████/ to U.S. Dept Of Defense - 60 upvotes, $0
  25. Improper Authentication (Login without Registration with any user) at ████ to U.S. Dept Of Defense - 59 upvotes, $0
  26. CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman to U.S. Dept Of Defense - 58 upvotes, $0
  27. IDOR leading unauthenticated attacker to download documents discloses PII of users and soldiers via https://www.█████████/Download.aspx?id= [HtUS] to U.S. Dept Of Defense - 57 upvotes, $500
  28. Unauthenticated SQL Injection at █████████ [HtUS] to U.S. Dept Of Defense - 57 upvotes, $0
  29. Remote Code Execution through DNN Cookie Deserialization to U.S. Dept Of Defense - 56 upvotes, $0
  30. Subdomain takeover ████████.mil to U.S. Dept Of Defense - 56 upvotes, $0
  31. LFI with potential to RCE on ██████ using CVE-2019-3396 to U.S. Dept Of Defense - 54 upvotes, $0
  32. Reflected XSS via Keycloak on ███ [CVE-2021-20323] to U.S. Dept Of Defense - 53 upvotes, $0
  33. Authentication Bypass on https://███████/ to U.S. Dept Of Defense - 53 upvotes, $0
  34. CVE-2020-7961 RCE Liferay Portal Unauthenticated via https://████████/ to U.S. Dept Of Defense - 53 upvotes, $0
  35. SSRF to read AWS metaData at https://█████/ [HtUS] to U.S. Dept Of Defense - 51 upvotes, $1000
  36. Open Akamai ARL XSS on http://master-config-████████ to U.S. Dept Of Defense - 51 upvotes, $0
  37. Subdomain takeover ██████ to U.S. Dept Of Defense - 49 upvotes, $0
  38. Information disclousure by clicking on the link shown in http://████████/ to U.S. Dept Of Defense - 48 upvotes, $0
  39. Log4Shell: RCE 0-day exploit on █████████ to U.S. Dept Of Defense - 48 upvotes, $0
  40. Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak to U.S. Dept Of Defense - 48 upvotes, $0
  41. Local File Inclusion vulnerability on an Army system allows downloading local files to U.S. Dept Of Defense - 46 upvotes, $0
  42. SQL Injection in ████ to U.S. Dept Of Defense - 46 upvotes, $0
  43. IDOR leads to PII Leak to U.S. Dept Of Defense - 45 upvotes, $0
  44. XSS found for https://█████████ to U.S. Dept Of Defense - 45 upvotes, $0
  45. SQL Injection vulnerability located at ████████ to U.S. Dept Of Defense - 44 upvotes, $0
  46. Unauthenticated Access to Admin Panel Functions at https://██████████/████████ to U.S. Dept Of Defense - 44 upvotes, $0
  47. Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████] to U.S. Dept Of Defense - 44 upvotes, $0
  48. Xss - ███ to U.S. Dept Of Defense - 44 upvotes, $0
  49. Reflected Cross-site Scripting via search query on ██████ to U.S. Dept Of Defense - 44 upvotes, $0
  50. XSS on ███████ to U.S. Dept Of Defense - 44 upvotes, $0
  51. Gateway information leakage to U.S. Dept Of Defense - 43 upvotes, $0
  52. [HTAF4-213] [Pre-submission] HTTPOnly session cookie exposure on the /csstest endpoint to U.S. Dept Of Defense - 42 upvotes, $1500
  53. Remote Code Execution via Insecure Deserialization in Telerik UI to U.S. Dept Of Defense - 42 upvotes, $0
  54. Leaked DB credentials on https://██████████.mil/███ to U.S. Dept Of Defense - 42 upvotes, $0
  55. IDOR to delete profile images in https:███████ to U.S. Dept Of Defense - 41 upvotes, $0
  56. Pull Any Automated Record Brief to U.S. Dept Of Defense - 41 upvotes, $0
  57. SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS] to U.S. Dept Of Defense - 40 upvotes, $4000
  58. Account takeover through CSRF in http://███████/██████████/default.asp to U.S. Dept Of Defense - 40 upvotes, $0
  59. HTTP Request Smuggling to U.S. Dept Of Defense - 40 upvotes, $0
  60. reflected xss [CVE-2020-3580] to U.S. Dept Of Defense - 40 upvotes, $0
  61. Open Akamai ARL XSS on http://media.████████ to U.S. Dept Of Defense - 39 upvotes, $0
  62. Reflected XSS on error message on Login Page to U.S. Dept Of Defense - 37 upvotes, $0
  63. █████████ (Android): Vulnerable to Javascript Injection and Open redirect to U.S. Dept Of Defense - 37 upvotes, $0
  64. Cross Site Scripting to U.S. Dept Of Defense - 37 upvotes, $0
  65. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ to U.S. Dept Of Defense - 36 upvotes, $5000
  66. Blind Sql Injection https:/████████ to U.S. Dept Of Defense - 36 upvotes, $0
  67. Unauthenticated Jenkins instance exposed information related to █████ to U.S. Dept Of Defense - 36 upvotes, $0
  68. Critical sensitive information Disclosure. [HtUS] to U.S. Dept Of Defense - 35 upvotes, $500
  69. RCE in ███ [CVE-2021-26084] to U.S. Dept Of Defense - 35 upvotes, $0
  70. Xss Parameter: /<s>/[*]/<s>.css ████████ to U.S. Dept Of Defense - 35 upvotes, $0
  71. DoD workstation exposed to internet via TinyPilot KVM with no authentication to U.S. Dept Of Defense - 35 upvotes, $0
  72. [HTA2] Authorization Bypass on https://██████ leaks confidential aircraft/missile information to U.S. Dept Of Defense - 34 upvotes, $0
  73. [HTA2] XXE on https://███ via SpellCheck Endpoint. to U.S. Dept Of Defense - 34 upvotes, $0
  74. [██████] Cross-origin resource sharing misconfiguration (CORS) to U.S. Dept Of Defense - 33 upvotes, $0
  75. 403 Forbidden Bypass at www.██████.mil to U.S. Dept Of Defense - 33 upvotes, $0
  76. Blind Stored XSS Payload fired at the backend on https://█████████/ to U.S. Dept Of Defense - 33 upvotes, $0
  77. Web Cache Poisoning on █████ to U.S. Dept Of Defense - 33 upvotes, $0
  78. EC2 subdomain takeover at http://████████/ to U.S. Dept Of Defense - 33 upvotes, $0
  79. Subdomain takeover of █████████ to U.S. Dept Of Defense - 33 upvotes, $0
  80. Unathenticated file read (CVE-2020-3452) to U.S. Dept Of Defense - 33 upvotes, $0
  81. XSS in Cisco Endpoint to U.S. Dept Of Defense - 33 upvotes, $0
  82. SQL injection on ██████████ via 'where' parameter to U.S. Dept Of Defense - 33 upvotes, $0
  83. XXE on DoD web server to U.S. Dept Of Defense - 32 upvotes, $0
  84. POST based RXSS on https://███████/ via ███ parameter to U.S. Dept Of Defense - 32 upvotes, $0
  85. Course Registration Form Allowing an attacker to dump all the candidate name who had enrolled for the course to U.S. Dept Of Defense - 32 upvotes, $0
  86. Remote code execution on an Army website to U.S. Dept Of Defense - 31 upvotes, $0
  87. Pulse Secure File disclosure, clear text and potential RCE to U.S. Dept Of Defense - 31 upvotes, $0
  88. SQL injection my method -1 OR 321=6 AND 000159=000159 to U.S. Dept Of Defense - 31 upvotes, $0
  89. IDOR leads to view other user Biographical details (Possible PII LEAK) to U.S. Dept Of Defense - 31 upvotes, $0
  90. Unrestricted File Upload to U.S. Dept Of Defense - 30 upvotes, $0
  91. SSRF+XSS to U.S. Dept Of Defense - 30 upvotes, $0
  92. SOAP WSDL Parser SQL Code Execution to U.S. Dept Of Defense - 30 upvotes, $0
  93. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 29 upvotes, $0
  94. Information Disclosure to U.S. Dept Of Defense - 29 upvotes, $0
  95. SSRF vulnerability on ██████████ leaks internal IP and various sensitive information to U.S. Dept Of Defense - 29 upvotes, $0
  96. DoD internal documents are leaked to the public to U.S. Dept Of Defense - 29 upvotes, $0
  97. SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS] to U.S. Dept Of Defense - 29 upvotes, $0
  98. Splunk Sensitive Information Disclosure @████████ to U.S. Dept Of Defense - 29 upvotes, $0
  99. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███) to U.S. Dept Of Defense - 28 upvotes, $2000
  100. [███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS] to U.S. Dept Of Defense - 28 upvotes, $1000
  101. SQL injection to U.S. Dept Of Defense - 28 upvotes, $0
  102. Reflected Xss to U.S. Dept Of Defense - 28 upvotes, $0
  103. SQL injection at [https://█████████] [HtUS] to U.S. Dept Of Defense - 28 upvotes, $0
  104. Reflected xss on https://█████████ to U.S. Dept Of Defense - 28 upvotes, $0
  105. RCE via File Upload with a Null Byte Truncated File Extension at https://██████/ to U.S. Dept Of Defense - 28 upvotes, $0
  106. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 28 upvotes, $0
  107. IDOR : Modify other users demographic details to U.S. Dept Of Defense - 28 upvotes, $0
  108. [HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www.███████/daip/messagebroker/amf to U.S. Dept Of Defense - 27 upvotes, $1666
  109. Trace.axd page leaks sensitive information to U.S. Dept Of Defense - 27 upvotes, $0
  110. Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 27 upvotes, $0
  111. [hta3] Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import to U.S. Dept Of Defense - 27 upvotes, $0
  112. Video player on ███ allows arbitrary remote videos to be played to U.S. Dept Of Defense - 26 upvotes, $0
  113. Reflected XSS to U.S. Dept Of Defense - 26 upvotes, $0
  114. Subdomain Takeover via Host Header Injection on www.█████ to U.S. Dept Of Defense - 26 upvotes, $0
  115. Automatic Admin Access to U.S. Dept Of Defense - 26 upvotes, $0
  116. Blind Stored XSS on the internal host - █████████████ to U.S. Dept Of Defense - 26 upvotes, $0
  117. Command Injection (via CVE-2019-11510 and CVE-2019-11539) to U.S. Dept Of Defense - 25 upvotes, $0
  118. ████ - Complete account takeover to U.S. Dept Of Defense - 25 upvotes, $0
  119. █████████ IDOR leads to disclosure of PHI/PII to U.S. Dept Of Defense - 25 upvotes, $0
  120. CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 25 upvotes, $0
  121. Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) to U.S. Dept Of Defense - 25 upvotes, $0
  122. Default Admin Username and Password on █████ Server at █████████mil to U.S. Dept Of Defense - 25 upvotes, $0
  123. Unauthenticated Blind SSRF at https://█████ via xmlrpc.php file to U.S. Dept Of Defense - 25 upvotes, $0
  124. RCE on a Department of Defense website to U.S. Dept Of Defense - 24 upvotes, $0
  125. Request smuggling on ████████ to U.S. Dept Of Defense - 24 upvotes, $0
  126. Examples directory is PUBLIC on https://████████mil, leading to multiple vulns to U.S. Dept Of Defense - 24 upvotes, $0
  127. SQL Injection in the move_papers.php on the https://██████████ to U.S. Dept Of Defense - 24 upvotes, $0
  128. IDOR to Account Takeover on https://████/index.html to U.S. Dept Of Defense - 24 upvotes, $0
  129. IDOR while uploading ████ attachments at [█████████] to U.S. Dept Of Defense - 24 upvotes, $0
  130. Docker Registry without authentication leads to docker images download to U.S. Dept Of Defense - 24 upvotes, $0
  131. ██████ SSN/EDPI to U.S. Dept Of Defense - 24 upvotes, $0
  132. CSRF Account Deletion on ███ Website to U.S. Dept Of Defense - 23 upvotes, $0
  133. Reflected XSS in https://www.█████/ to U.S. Dept Of Defense - 23 upvotes, $0
  134. Apache solr RCE via velocity template to U.S. Dept Of Defense - 23 upvotes, $0
  135. Local File Inclusion in download.php to U.S. Dept Of Defense - 23 upvotes, $0
  136. Endpoint Redirects to Admin Page and Provides Admin role to U.S. Dept Of Defense - 23 upvotes, $0
  137. Access to all █████████ files, including CAC authentication bypass to U.S. Dept Of Defense - 22 upvotes, $0
  138. SQL injection on the https://████/ to U.S. Dept Of Defense - 22 upvotes, $0
  139. [Partial] SSN & [PII] exposed through iPERMs Presentation Slide. to U.S. Dept Of Defense - 22 upvotes, $0
  140. Leaks of username and password leads to CVE-2018-18862 exploitation to U.S. Dept Of Defense - 22 upvotes, $0
  141. Reflected XSS via Moodle on ███ [CVE-2022-35653] to U.S. Dept Of Defense - 22 upvotes, $0
  142. SSRF on █████████ Allowing internal server data access to U.S. Dept Of Defense - 21 upvotes, $0
  143. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ to U.S. Dept Of Defense - 21 upvotes, $0
  144. CSRF - Close Account to U.S. Dept Of Defense - 21 upvotes, $0
  145. Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ to U.S. Dept Of Defense - 21 upvotes, $0
  146. Reflected XSS in https://www.██████/ to U.S. Dept Of Defense - 21 upvotes, $0
  147. Full account takeover on https://████████.mil to U.S. Dept Of Defense - 21 upvotes, $0
  148. Reflected XSS in ████████████ to U.S. Dept Of Defense - 21 upvotes, $0
  149. Resource Injection - [████████] to U.S. Dept Of Defense - 21 upvotes, $0
  150. Path traversal on https://███ allows arbitrary file read (CVE-2020-3452) to U.S. Dept Of Defense - 20 upvotes, $0
  151. critical information disclosure to U.S. Dept Of Defense - 20 upvotes, $0
  152. time based SQL injection at [https://███] [HtUS] to U.S. Dept Of Defense - 20 upvotes, $0
  153. Client side authentication leads to Auth Bypass to U.S. Dept Of Defense - 20 upvotes, $0
  154. [████████] RXSS via "CurrentFolder" parameter to U.S. Dept Of Defense - 20 upvotes, $0
  155. ███████ Site Exposes █████████ forms to U.S. Dept Of Defense - 19 upvotes, $0
  156. ███ exposes sensitive shipment information to public web to U.S. Dept Of Defense - 19 upvotes, $0
  157. Publicly accessible Order confirmations leaking User Emails on ███ to U.S. Dept Of Defense - 19 upvotes, $0
  158. Remote Code Execution on █████████ to U.S. Dept Of Defense - 19 upvotes, $0
  159. https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 19 upvotes, $0
  160. [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ to U.S. Dept Of Defense - 19 upvotes, $0
  161. Reflected XSS on ███ to U.S. Dept Of Defense - 19 upvotes, $0
  162. Blind SQL iNJECTION to U.S. Dept Of Defense - 19 upvotes, $0
  163. Self stored Xss + Login Csrf to U.S. Dept Of Defense - 19 upvotes, $0
  164. SQL Injection on █████ to U.S. Dept Of Defense - 19 upvotes, $0
  165. Information Disclosure FrontPage Configuration Information to U.S. Dept Of Defense - 19 upvotes, $0
  166. Parâmetro XSS: Nome de usuário - █████████ to U.S. Dept Of Defense - 19 upvotes, $0
  167. CVE-2021-39226 Discovered on endpoint https://██████/api/snapshots to U.S. Dept Of Defense - 19 upvotes, $0
  168. [hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [███] to U.S. Dept Of Defense - 18 upvotes, $750
  169. [CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (████.███.mil) to U.S. Dept Of Defense - 18 upvotes, $750
  170. Misconfigured password reset vulnerability on a DoD website to U.S. Dept Of Defense - 18 upvotes, $0
  171. [REMOTE] Full Account Takeover At https://██████████████/CAS/ to U.S. Dept Of Defense - 18 upvotes, $0
  172. Subdomain takeover of ████ to U.S. Dept Of Defense - 18 upvotes, $0
  173. XSS Reflect to POST █████ to U.S. Dept Of Defense - 18 upvotes, $0
  174. Reflected XSS on ██████.mil to U.S. Dept Of Defense - 18 upvotes, $0
  175. Sensitive information disclosure [HtUS] to U.S. Dept Of Defense - 18 upvotes, $0
  176. Default Admin Username and Password on ███ to U.S. Dept Of Defense - 18 upvotes, $0
  177. Full Access to sonarQube and Docker to U.S. Dept Of Defense - 18 upvotes, $0
  178. Email Takeover leads to permanent account deletion to U.S. Dept Of Defense - 18 upvotes, $0
  179. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  180. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  181. Remote Code Execution (RCE) in DoD Websites to U.S. Dept Of Defense - 17 upvotes, $0
  182. Partial SSN exposed through Presentation slides on ██████████ to U.S. Dept Of Defense - 17 upvotes, $0
  183. PII leakage due to scrceenshot of health records to U.S. Dept Of Defense - 17 upvotes, $0
  184. Self XSS combine CSRF at https://████████/index.php to U.S. Dept Of Defense - 17 upvotes, $0
  185. ███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 17 upvotes, $0
  186. RXSS - https://████████/ to U.S. Dept Of Defense - 17 upvotes, $0
  187. IDOR to U.S. Dept Of Defense - 17 upvotes, $0
  188. WordPress application vulnerable to DoS attack via wp-cron.php to U.S. Dept Of Defense - 17 upvotes, $0
  189. RCE on ███████ [CVE-2021-26084] to U.S. Dept Of Defense - 17 upvotes, $0
  190. Reflective Cross Site Scripting (XSS) on ███████/Pages to U.S. Dept Of Defense - 17 upvotes, $0
  191. Unauthenticated arbitrary file upload on the https://█████/ (█████████) to U.S. Dept Of Defense - 17 upvotes, $0
  192. IDOR on DoD Website exposes FTP users and passes linked to all accounts! to U.S. Dept Of Defense - 16 upvotes, $0
  193. CSRF to account takeover in https://███████.mil/ to U.S. Dept Of Defense - 16 upvotes, $0
  194. Reflected XSS on https://█████████/ to U.S. Dept Of Defense - 16 upvotes, $0
  195. Password Reset link hijacking via Host Header Poisoning leads to account takeover to U.S. Dept Of Defense - 16 upvotes, $0
  196. Arbitrary File Read at ███ via filename parameter to U.S. Dept Of Defense - 16 upvotes, $0
  197. SQL injection at [█████████] [HtUS] to U.S. Dept Of Defense - 16 upvotes, $0
  198. [CVE-2018-0296] Cisco VPN path traversal on the https://███ (████████████████) to U.S. Dept Of Defense - 15 upvotes, $750
  199. XSS on www.██████ alerts and a number of other pages to U.S. Dept Of Defense - 15 upvotes, $0
  200. [█████] — DOM-based XSS on endpoint /?s= to U.S. Dept Of Defense - 15 upvotes, $0
  201. Exposed Docker Registry at https://████ to U.S. Dept Of Defense - 15 upvotes, $0
  202. Remote Code Execution via CVE-2019-18935 to U.S. Dept Of Defense - 15 upvotes, $0
  203. Sensitive information about a ██████ to U.S. Dept Of Defense - 15 upvotes, $0
  204. Blind stored XSS due to insecure contact form at https://█████.mil leads to leakage of session token and to U.S. Dept Of Defense - 15 upvotes, $0
  205. Old Session Does Not Expires After Password Change to U.S. Dept Of Defense - 15 upvotes, $0
  206. Unauth RCE on Jenkins Instance at https://█████████/ to U.S. Dept Of Defense - 15 upvotes, $0
  207. Administration Authentication Bypass on https://█████ to U.S. Dept Of Defense - 15 upvotes, $0
  208. XSS via X-Forwarded-Host header to U.S. Dept Of Defense - 15 upvotes, $0
  209. Subdomain takeover [​████████] to U.S. Dept Of Defense - 15 upvotes, $0
  210. phpinfo() disclosure info to U.S. Dept Of Defense - 15 upvotes, $0
  211. Expired SSL Certificate allows credentials steal to U.S. Dept Of Defense - 15 upvotes, $0
  212. reflected xss in www.████████.gov to U.S. Dept Of Defense - 15 upvotes, $0
  213. HTML Injection into https://www.██████.mil to U.S. Dept Of Defense - 15 upvotes, $0
  214. [CVE-2018-0296] Cisco VPN path traversal on the https://██████████ to U.S. Dept Of Defense - 14 upvotes, $750
  215. Blind SQLi vulnerability in a DoD Website to U.S. Dept Of Defense - 14 upvotes, $0
  216. Open FTP server on a DoD system to U.S. Dept Of Defense - 14 upvotes, $0
  217. PII leakage due to caching of Order/Contract ID's on █████████ to U.S. Dept Of Defense - 14 upvotes, $0
  218. Blind SQL injection on ████████ to U.S. Dept Of Defense - 14 upvotes, $0
  219. Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 14 upvotes, $0
  220. [SQLI ]Time Bassed Injection at ██████████ via /██████/library.php?c=G14 parameter to U.S. Dept Of Defense - 14 upvotes, $0
  221. Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak to U.S. Dept Of Defense - 14 upvotes, $0
  222. CSRF in https://███ to U.S. Dept Of Defense - 14 upvotes, $0
  223. Reflected XSS through ClickJacking to U.S. Dept Of Defense - 14 upvotes, $0
  224. [Urgent] Critical Vulnerability [RCE] on ███ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635 to U.S. Dept Of Defense - 14 upvotes, $0
  225. [█████] Bug Reports allow for Unrestricted File Upload to U.S. Dept Of Defense - 14 upvotes, $0
  226. DBMS information getting exposed publicly on -- [ ██████████ ] to U.S. Dept Of Defense - 14 upvotes, $0
  227. XML External Entity (XXE) Injection to U.S. Dept Of Defense - 14 upvotes, $0
  228. CSRF to ATO at https://█████/user/account [HtUS] to U.S. Dept Of Defense - 13 upvotes, $500
  229. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  230. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  231. [Critical] Full local fylesystem access (LFI/LFD) as admin via Path Traversal in the misconfigured Java servlet on the https://███/ to U.S. Dept Of Defense - 13 upvotes, $0
  232. PII leakage-Full SSN on ███ to U.S. Dept Of Defense - 13 upvotes, $0
  233. http://████/data.json showing users sensitive information via json file to U.S. Dept Of Defense - 13 upvotes, $0
  234. Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) to U.S. Dept Of Defense - 13 upvotes, $0
  235. SSN leak due to editable slides to U.S. Dept Of Defense - 13 upvotes, $0
  236. Previously Compromised PulseSSL VPN Hosts to U.S. Dept Of Defense - 13 upvotes, $0
  237. IDOR + Account Takeover [UNAUTHENTICATED] to U.S. Dept Of Defense - 13 upvotes, $0
  238. CSRF to Stored HTML injection at https://www.█████ to U.S. Dept Of Defense - 13 upvotes, $0
  239. DOM Based XSS on https://████ via backURL param to U.S. Dept Of Defense - 13 upvotes, $0
  240. Insufficient Session Expiration on Adobe Connect | https://█████████ to U.S. Dept Of Defense - 13 upvotes, $0
  241. XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil to U.S. Dept Of Defense - 13 upvotes, $0
  242. Reflected XSS at [████████] to U.S. Dept Of Defense - 13 upvotes, $0
  243. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 13 upvotes, $0
  244. Broken Authentication to U.S. Dept Of Defense - 13 upvotes, $0
  245. Stored XSS at https://█████ to U.S. Dept Of Defense - 13 upvotes, $0
  246. Account takeover on ███████ [HtUS] to U.S. Dept Of Defense - 13 upvotes, $0
  247. IDOR leaking PII data via VendorId parameter to U.S. Dept Of Defense - 13 upvotes, $0
  248. xss on reset password page to U.S. Dept Of Defense - 13 upvotes, $0
  249. Sql Injection At █████████ to U.S. Dept Of Defense - 13 upvotes, $0
  250. XSS on ( █████████.gov ) Via URL path to U.S. Dept Of Defense - 13 upvotes, $0
  251. [U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 13 upvotes, $0
  252. Restrict any user from Login to their account to U.S. Dept Of Defense - 13 upvotes, $0
  253. Unrestricted File Download / Path Traversal to U.S. Dept Of Defense - 12 upvotes, $0
  254. DOM Based XSS on an Army website to U.S. Dept Of Defense - 12 upvotes, $0
  255. SQL injections to U.S. Dept Of Defense - 12 upvotes, $0
  256. RCE on https://█████/ Using CVE-2017-9248 to U.S. Dept Of Defense - 12 upvotes, $0
  257. No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service to U.S. Dept Of Defense - 12 upvotes, $0
  258. Unrestricted File Upload Leads to XSS & Potential RCE to U.S. Dept Of Defense - 12 upvotes, $0
  259. PII Leak of USCG Designated Examiner List at https://www.███ to U.S. Dept Of Defense - 12 upvotes, $0
  260. CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 12 upvotes, $0
  261. External Service Interaction (HTTP/DNS) on https://www.███ (██████████ parameter) to U.S. Dept Of Defense - 12 upvotes, $0
  262. All private support requests to ███████ are being disclosed at https://███████ to U.S. Dept Of Defense - 12 upvotes, $0
  263. Rxss on █████████ via logout?service=javascript:alert(1) to U.S. Dept Of Defense - 12 upvotes, $0
  264. Full account takeover in ███████ due lack of rate limiting in forgot password to U.S. Dept Of Defense - 12 upvotes, $0
  265. Reflected cross site scripting in https://███████ to U.S. Dept Of Defense - 12 upvotes, $0
  266. [XSS] Reflected XSS via POST request to U.S. Dept Of Defense - 12 upvotes, $0
  267. Elasticsearch is currently open without authentication on https://██████l to U.S. Dept Of Defense - 12 upvotes, $0
  268. CVE-2023-26347 in https://████.mil/hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true to U.S. Dept Of Defense - 12 upvotes, $0
  269. Unauth IDOR to mass account takeover without user interaction on the ███████ (https://███████.edu/) to U.S. Dept Of Defense - 12 upvotes, $0
  270. Local File Read vulnerability on ██████████ [HtUS] to U.S. Dept Of Defense - 11 upvotes, $500
  271. Authentication bypass vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  272. Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  273. Local file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  274. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  275. Path traversal on ████████ to U.S. Dept Of Defense - 11 upvotes, $0
  276. MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass to U.S. Dept Of Defense - 11 upvotes, $0
  277. SQL Injection in Login Page: https://█████/█████████/login.php to U.S. Dept Of Defense - 11 upvotes, $0
  278. PII/PHI data available on web https://████████Portals/22/Documents/Meetings to U.S. Dept Of Defense - 11 upvotes, $0
  279. CORS misconfiguration which leads to the disclosure to U.S. Dept Of Defense - 11 upvotes, $0
  280. Local File Inclusion In Registration Page to U.S. Dept Of Defense - 11 upvotes, $0
  281. Sensitive Information Leaking Through DoD Owned Website https://www.█████.mil to U.S. Dept Of Defense - 11 upvotes, $0
  282. Blind Stored XSS on ███████ leads to takeover admin account to U.S. Dept Of Defense - 11 upvotes, $0
  283. Improper Access Control - Generic on https://████ to U.S. Dept Of Defense - 11 upvotes, $0
  284. Path Traversal - [ CVE-2020-3452 ] to U.S. Dept Of Defense - 11 upvotes, $0
  285. Unauthorized access to admin panel of the Questionmark Perception system at https://██████████ to U.S. Dept Of Defense - 11 upvotes, $0
  286. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 11 upvotes, $0
  287. Reflected Xss https://██████/ to U.S. Dept Of Defense - 11 upvotes, $0
  288. Unauthenticated Access to Admin Panel Functions at https://███████/███ to U.S. Dept Of Defense - 11 upvotes, $0
  289. XSS Reflected - ██████████ to U.S. Dept Of Defense - 11 upvotes, $0
  290. CSRF - Delete Account (Urgent) to U.S. Dept Of Defense - 11 upvotes, $0
  291. AWS Credentials Disclosure at ███ to U.S. Dept Of Defense - 11 upvotes, $0
  292. AEM misconfiguration leads to Information disclosure to U.S. Dept Of Defense - 11 upvotes, $0
  293. CSRF to delete accounts [HtUS] to U.S. Dept Of Defense - 11 upvotes, $0
  294. Self XSS to U.S. Dept Of Defense - 11 upvotes, $0
  295. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  296. Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  297. SQL injection on █████ due to tech.cfm to U.S. Dept Of Defense - 10 upvotes, $0
  298. SSRF in ███████ to U.S. Dept Of Defense - 10 upvotes, $0
  299. CSRF - Modify Company Info to U.S. Dept Of Defense - 10 upvotes, $0
  300. xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php to U.S. Dept Of Defense - 10 upvotes, $0
  301. SharePoint Web Services Exposed to Anonymous Access Users to U.S. Dept Of Defense - 10 upvotes, $0
  302. (CORS) Cross-origin resource sharing misconfiguration to U.S. Dept Of Defense - 10 upvotes, $0
  303. Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd to U.S. Dept Of Defense - 10 upvotes, $0
  304. Unauthenticated Arbitrary File Deletion ("CVE-2020-3187") in ████████ to U.S. Dept Of Defense - 10 upvotes, $0
  305. Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████ to U.S. Dept Of Defense - 10 upvotes, $0
  306. Reflected XSS on https://████/ (Bypass of #1002977) to U.S. Dept Of Defense - 10 upvotes, $0
  307. Reflected XSS www.█████ search form to U.S. Dept Of Defense - 10 upvotes, $0
  308. Reflected XSS In https://███████ to U.S. Dept Of Defense - 10 upvotes, $0
  309. IDOR leads to Leakage an ██████████ Login Information to U.S. Dept Of Defense - 10 upvotes, $0
  310. critical information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
  311. Git repo on https://██████.mil/ discloses API password to U.S. Dept Of Defense - 10 upvotes, $0
  312. https://████ is vulnerable to cve-2020-3452 to U.S. Dept Of Defense - 10 upvotes, $0
  313. ███ on https://████ enable ███ scraping, injection, stored XSS to U.S. Dept Of Defense - 10 upvotes, $0
  314. Reflected XSS on https://██████ to U.S. Dept Of Defense - 10 upvotes, $0
  315. Reflected XSS through clickjacking at https://████ to U.S. Dept Of Defense - 10 upvotes, $0
  316. Reflected XSS to U.S. Dept Of Defense - 10 upvotes, $0
  317. CSRF Based XSS @ https://██████████ to U.S. Dept Of Defense - 10 upvotes, $0
  318. Cross site scripting to U.S. Dept Of Defense - 10 upvotes, $0
  319. Reflected XSS on [█████████] to U.S. Dept Of Defense - 10 upvotes, $0
  320. Blind SQL Injection to U.S. Dept Of Defense - 10 upvotes, $0
  321. SQL Injection on https://████████/ to U.S. Dept Of Defense - 10 upvotes, $0
  322. Unauthorized Access to Internal Server Panel without Authentication to U.S. Dept Of Defense - 10 upvotes, $0
  323. The dashboard is exposed in https://███ to U.S. Dept Of Defense - 10 upvotes, $0
  324. IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/ to U.S. Dept Of Defense - 10 upvotes, $0
  325. Sensitive Data Exposure at https://█████████ to U.S. Dept Of Defense - 10 upvotes, $0
  326. Reflected XSS in ██████ to U.S. Dept Of Defense - 10 upvotes, $0
  327. DoS at █████(CVE-2018-6389) to U.S. Dept Of Defense - 10 upvotes, $0
  328. External service interaction ( DNS and HTTP ) in www.████████ to U.S. Dept Of Defense - 10 upvotes, $0
  329. Unauthorized access to Argo dashboard on █████ to U.S. Dept Of Defense - 10 upvotes, $0
  330. Authentication bypass and potential RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 10 upvotes, $0
  331. Unauthenticated arbitrary file upload on the https://█████/ (█████.mil) to U.S. Dept Of Defense - 10 upvotes, $0
  332. [CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (█████████.mil) to U.S. Dept Of Defense - 9 upvotes, $750
  333. [CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (██████) to U.S. Dept Of Defense - 9 upvotes, $750
  334. Exposed Access Control Data Backup Files on DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  335. Privilege Escalation on a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  336. Reflected XSS on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  337. Personal information disclosure on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  338. File upload vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  339. Blind SQLi in a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  340. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  341. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  342. Server-Side Request Forgery (SSRF) to U.S. Dept Of Defense - 9 upvotes, $0
  343. [CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc to U.S. Dept Of Defense - 9 upvotes, $0
  344. PII Leak via https://████████ to U.S. Dept Of Defense - 9 upvotes, $0
  345. Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform to U.S. Dept Of Defense - 9 upvotes, $0
  346. SSN is exposed on slides, previous critical report was not fixed in an appropriate way to U.S. Dept Of Defense - 9 upvotes, $0
  347. Reflected XSS on ███████ to U.S. Dept Of Defense - 9 upvotes, $0
  348. SQLi in login form of █████ to U.S. Dept Of Defense - 9 upvotes, $0
  349. View another user information with IDOR vulnerability to U.S. Dept Of Defense - 9 upvotes, $0
  350. Reflected XSS at https://████████/███/... to U.S. Dept Of Defense - 9 upvotes, $0
  351. XML Injection on https://www.█████████ (███ parameter) to U.S. Dept Of Defense - 9 upvotes, $0
  352. IDOR on https://██████ via POST UID enables database scraping to U.S. Dept Of Defense - 9 upvotes, $0
  353. Elmah.axd is publicly accessible leaking Error Log to U.S. Dept Of Defense - 9 upvotes, $0
  354. SQLi on █████████ to U.S. Dept Of Defense - 9 upvotes, $0
  355. Cache Posioning leading to denial of service at █████████ - Bypass fix from report #1198434 to U.S. Dept Of Defense - 9 upvotes, $0
  356. AWS subdomain takeover of www.███████ to U.S. Dept Of Defense - 9 upvotes, $0
  357. Full read SSRF at █████████ [HtUS] to U.S. Dept Of Defense - 9 upvotes, $0
  358. insecure gitlab repositories at ████████ [HtUS] to U.S. Dept Of Defense - 9 upvotes, $0
  359. Local file read at https://████/ [HtUS] to U.S. Dept Of Defense - 9 upvotes, $0
  360. Reflected XSS at ████████ to U.S. Dept Of Defense - 9 upvotes, $0
  361. CORS Misconfiguration in https://████████/accounts/login/ to U.S. Dept Of Defense - 9 upvotes, $0
  362. Email exploitation with web hosting services. to U.S. Dept Of Defense - 9 upvotes, $0
  363. Exposed GIT repo on ██████████[HtUS] to U.S. Dept Of Defense - 9 upvotes, $0
  364. Unauthenticated access to internal API at██████████.███.edu [HtUS] to U.S. Dept Of Defense - 9 upvotes, $0
  365. Missing Access Control Allows for User Creation and Privilege Escalation to U.S. Dept Of Defense - 9 upvotes, $0
  366. [CVE-2018-0296] Cisco VPN path traversal on the https://1████████ (https://████████.███.████████/) to U.S. Dept Of Defense - 8 upvotes, $750
  367. [CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (no hostname) to U.S. Dept Of Defense - 8 upvotes, $750
  368. Reflected XSS in a Navy website to U.S. Dept Of Defense - 8 upvotes, $0
  369. Reflected XSS on an Army website to U.S. Dept Of Defense - 8 upvotes, $0
  370. Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
  371. Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
  372. Bypass file access control vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  373. XSS on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  374. Reflected XSS on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  375. Server-side include injection vulnerability in a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  376. Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  377. Remote code execution (RCE) in multiple DoD websites to U.S. Dept Of Defense - 8 upvotes, $0
  378. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  379. [Critical] Possibility to takeover any user account #2 without interaction on the https://██████████ to U.S. Dept Of Defense - 8 upvotes, $0
  380. [███] SQL injection & Reflected XSS to U.S. Dept Of Defense - 8 upvotes, $0
  381. [█████] Get all tickets (IDOR) to U.S. Dept Of Defense - 8 upvotes, $0
  382. Unrestricted File Upload to U.S. Dept Of Defense - 8 upvotes, $0
  383. Full Account Take-Over of ████████ Members via IDOR to U.S. Dept Of Defense - 8 upvotes, $0
  384. Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE to U.S. Dept Of Defense - 8 upvotes, $0
  385. RCE (Remote code execution) in one of DoD's websites to U.S. Dept Of Defense - 8 upvotes, $0
  386. CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. to U.S. Dept Of Defense - 8 upvotes, $0
  387. Сode injection host █████████ to U.S. Dept Of Defense - 8 upvotes, $0
  388. Stored XSS via Comment Form at ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  389. Cross Site Scripting (XSS) – Reflected to U.S. Dept Of Defense - 8 upvotes, $0
  390. DOM XSS on https://www.███████ to U.S. Dept Of Defense - 8 upvotes, $0
  391. {███} It is posible download all information and files via S3 Bucket Misconfiguration to U.S. Dept Of Defense - 8 upvotes, $0
  392. PII Information Leak at https://████████.mil/ to U.S. Dept Of Defense - 8 upvotes, $0
  393. SQL Injection in www.██████████ to U.S. Dept Of Defense - 8 upvotes, $0
  394. Stored XSS via 64(?) vulnerable fields in ███ leads to credential theft/account takeover to U.S. Dept Of Defense - 8 upvotes, $0
  395. CVE 2020 14179 on jira instance to U.S. Dept Of Defense - 8 upvotes, $0
  396. PII Leak via /████████ to U.S. Dept Of Defense - 8 upvotes, $0
  397. SSRF due to CVE-2021-26855 on ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  398. RCE in ██████ subdomain via CVE-2017-1000486 to U.S. Dept Of Defense - 8 upvotes, $0
  399. Reflected XSS at www.███████ at /██████████ via the ████████ parameter to U.S. Dept Of Defense - 8 upvotes, $0
  400. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 8 upvotes, $0
  401. S3 bucket listing/download to U.S. Dept Of Defense - 8 upvotes, $0
  402. ███████ - XSS - CVE-2020-3580 to U.S. Dept Of Defense - 8 upvotes, $0
  403. Open Akamai ARL XSS at ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  404. SQL Injection in █████ to U.S. Dept Of Defense - 8 upvotes, $0
  405. Cross-site Scripting (XSS) - Reflected at https://██████████/ to U.S. Dept Of Defense - 8 upvotes, $0
  406. lfi in filePathDownload parameter via ███████ to U.S. Dept Of Defense - 8 upvotes, $0
  407. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 8 upvotes, $0
  408. Blind SSRF via image upload URL downloader on https://██████/ to U.S. Dept Of Defense - 8 upvotes, $0
  409. .git folder exposed [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
  410. Host Header Injection on https://███/████████/Account/ForgotPassword to U.S. Dept Of Defense - 8 upvotes, $0
  411. stored cross site scripting in https://███ to U.S. Dept Of Defense - 8 upvotes, $0
  412. Unauthenticated phpinfo()files could lead to ability file read at █████████ [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
  413. xmlrpc.php file enabled at ██████.org to U.S. Dept Of Defense - 8 upvotes, $0
  414. DOM-XSS to U.S. Dept Of Defense - 8 upvotes, $0
  415. Adobe ColdFusion Access Control Bypass - CVE-2023-38205 to U.S. Dept Of Defense - 8 upvotes, $0
  416. [HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx to U.S. Dept Of Defense - 7 upvotes, $375
  417. Reflected XSS on a Navy website to U.S. Dept Of Defense - 7 upvotes, $0
  418. SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  419. Information leakage on a Department of Defense website to U.S. Dept Of Defense - 7 upvotes, $0
  420. QuickTime Promotion on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  421. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  422. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  423. Remote Command Execution on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  424. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  425. Insecure direct object reference vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  426. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  427. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  428. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  429. Default credentials on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  430. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  431. Violation of secure design principles on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  432. Limited code execution vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  433. Remote Code Execution (RCE) vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  434. Insecure Direct Object Reference (IDOR) vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  435. X-XSS-Protection -> Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
  436. Account takeover due to CSRF in "Account details" option on █████████ to U.S. Dept Of Defense - 7 upvotes, $0
  437. Root Remote Code Execution on https://███ to U.S. Dept Of Defense - 7 upvotes, $0
  438. ██████ Authenticated User Data Disclosure to U.S. Dept Of Defense - 7 upvotes, $0
  439. SSRF on ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  440. Information Disclosure (can access all ███s) within ███████ view █████████ Portal to U.S. Dept Of Defense - 7 upvotes, $0
  441. Open FTP on ███ to U.S. Dept Of Defense - 7 upvotes, $0
  442. Exposed ███████ Administrative Interface (ColdFusion 11) to U.S. Dept Of Defense - 7 upvotes, $0
  443. Admin Salt Leakage on DoD site. to U.S. Dept Of Defense - 7 upvotes, $0
  444. SharePoint exposed web services to U.S. Dept Of Defense - 7 upvotes, $0
  445. Corda Server XSS ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  446. [████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) to U.S. Dept Of Defense - 7 upvotes, $0
  447. Null byte Injection in https://████/ to U.S. Dept Of Defense - 7 upvotes, $0
  448. [Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator to U.S. Dept Of Defense - 7 upvotes, $0
  449. CSRF to account takeover in https://█████/ to U.S. Dept Of Defense - 7 upvotes, $0
  450. Reflected XSS on https://█████████html?url to U.S. Dept Of Defense - 7 upvotes, $0
  451. Bypassed a fix to gain access to PII of more than 100 Officers to U.S. Dept Of Defense - 7 upvotes, $0
  452. Password Cracking - Weak Password Used to Secure ████ Containing a Plaintext Password to U.S. Dept Of Defense - 7 upvotes, $0
  453. Misconfigured AWS S3 bucket leaks senstive data such of admin, Prdouction,beta, localhost and many more directories.... to U.S. Dept Of Defense - 7 upvotes, $0
  454. Reflected XSS on ███████ to U.S. Dept Of Defense - 7 upvotes, $0
  455. ████████ portal is open to enumeration once authenticated. Session ID's appear static. All PII available once a valid session ID is found. to U.S. Dept Of Defense - 7 upvotes, $0
  456. [www.███] Reflected Cross-Site Scripting to U.S. Dept Of Defense - 7 upvotes, $0
  457. XSS on ███ to U.S. Dept Of Defense - 7 upvotes, $0
  458. Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 7 upvotes, $0
  459. RXSS - ████ to U.S. Dept Of Defense - 7 upvotes, $0
  460. Military name,email,phone,address,certdata Disclosure to U.S. Dept Of Defense - 7 upvotes, $0
  461. Open Akamai ARL XSS at ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  462. Reflected XSS via ████████ parameter to U.S. Dept Of Defense - 7 upvotes, $0
  463. stored cross site scripting in https://██████████ to U.S. Dept Of Defense - 7 upvotes, $0
  464. Upload and delete files in debug page without access control. to U.S. Dept Of Defense - 7 upvotes, $0
  465. DoS at ████████ (CVE-2018-6389) to U.S. Dept Of Defense - 7 upvotes, $0
  466. HAProxy stats panel exposed externally to U.S. Dept Of Defense - 7 upvotes, $0
  467. Path traversal leads to reading of local files on ███████ and ████ to U.S. Dept Of Defense - 7 upvotes, $0
  468. LDAP Server NULL Bind Connection Information Disclosure to U.S. Dept Of Defense - 7 upvotes, $0
  469. Unauthenticated File Read Adobe ColdFusion to U.S. Dept Of Defense - 7 upvotes, $0
  470. XXE with RCE potential on the https://█████████ (CVE-2017-3548) to U.S. Dept Of Defense - 7 upvotes, $0
  471. Password reset vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  472. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  473. Remote file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  474. HTML injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  475. Reflected XSS in a DoD Website to U.S. Dept Of Defense - 6 upvotes, $0
  476. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  477. Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  478. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  479. Server Side Request Forgery (SSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  480. https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass to U.S. Dept Of Defense - 6 upvotes, $0
  481. SQL Injection in the get_publications.php on the https://█████ to U.S. Dept Of Defense - 6 upvotes, $0
  482. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  483. Out-of-date Version (Apache) to U.S. Dept Of Defense - 6 upvotes, $0
  484. Default page exposes admin functions and all metods and classes available. on https://██████/█████/dwr/index.html to U.S. Dept Of Defense - 6 upvotes, $0
  485. SharePoint exposed web services to U.S. Dept Of Defense - 6 upvotes, $0
  486. LDAP Injection at ██████ to U.S. Dept Of Defense - 6 upvotes, $0
  487. Partial PII leakage due to public set gitlab to U.S. Dept Of Defense - 6 upvotes, $0
  488. ██████████ bruteforceable RIC Codes allowing information on contracts to U.S. Dept Of Defense - 6 upvotes, $0
  489. [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action to U.S. Dept Of Defense - 6 upvotes, $0
  490. ████ █████ exposes highly sensitive information to public to U.S. Dept Of Defense - 6 upvotes, $0
  491. [██████████] Unauthorized access to admin panel to U.S. Dept Of Defense - 6 upvotes, $0
  492. idor on upload profile functionality to U.S. Dept Of Defense - 6 upvotes, $0
  493. Stored XSS at ██████userprofile.aspx to U.S. Dept Of Defense - 6 upvotes, $0
  494. External Service Interaction | https://█████████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  495. https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 6 upvotes, $0
  496. [████] SQL Injections on Referer Header exploitable via Time-Based method to U.S. Dept Of Defense - 6 upvotes, $0
  497. hardcoded password stored in javascript of https://████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  498. ███████mill is vulnerable to cross site request forgery that leads to full account take over. to U.S. Dept Of Defense - 6 upvotes, $0
  499. Stored XSS at https://www.█████████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  500. Second Order XSS via █████ to U.S. Dept Of Defense - 6 upvotes, $0
  501. Knowledge Base Articles are Globally Modifiable via ██████ to U.S. Dept Of Defense - 6 upvotes, $0
  502. Support incident can be opened for any user via /███████ and PII leak via █████████ field to U.S. Dept Of Defense - 6 upvotes, $0
  503. Information Disclosure(PHPINFO/Credentials) on DoD Asset to U.S. Dept Of Defense - 6 upvotes, $0
  504. CRXDE Lite/CRX is on ██████ exposed that leads to PII disclosure to U.S. Dept Of Defense - 6 upvotes, $0
  505. param allows any external resource to be downloadable | https://████████ to U.S. Dept Of Defense - 6 upvotes, $0
  506. Read-only path traversal (CVE-2020-3452) at https://██████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  507. Reflected XSS on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
  508. Website vulnerable to POODLE (SSLv3) with expired certificate to U.S. Dept Of Defense - 6 upvotes, $0
  509. Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site to U.S. Dept Of Defense - 6 upvotes, $0
  510. CVE-2019-3403 on https://████/rest/api/2/user/picker?query= to U.S. Dept Of Defense - 6 upvotes, $0
  511. [█████████] Reflected Cross-Site Scripting Vulnerability to U.S. Dept Of Defense - 6 upvotes, $0
  512. Reflected XSS at https://█████ via "██████████" parameter to U.S. Dept Of Defense - 6 upvotes, $0
  513. XSS on https://████/ via ███████ parameter to U.S. Dept Of Defense - 6 upvotes, $0
  514. Broken access control, can lead to legitimate user data loss to U.S. Dept Of Defense - 6 upvotes, $0
  515. username and password leaked via pptx for █████████ website to U.S. Dept Of Defense - 6 upvotes, $0
  516. [CVE-2020-3452] on ███████ to U.S. Dept Of Defense - 6 upvotes, $0
  517. ██████████ vulnerable to CVE-2022-22954 to U.S. Dept Of Defense - 6 upvotes, $0
  518. SSRF due to CVE-2021-27905 in www.████████ to U.S. Dept Of Defense - 6 upvotes, $0
  519. RXSS on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
  520. XSS DUE TO CVE-2022-38463 in https://████████ to U.S. Dept Of Defense - 6 upvotes, $0
  521. SSRF ACCESS AWS METADATA - █████ to U.S. Dept Of Defense - 6 upvotes, $0
  522. Account Takeover and Information update due to cross site request forgery via POST █████████/registration/my-account.cfm to U.S. Dept Of Defense - 6 upvotes, $0
  523. Found Origin IP's Lead To Access ████ to U.S. Dept Of Defense - 6 upvotes, $0
  524. Authentication bypass leads to Information Disclosure at U.S Air Force "https://███" to U.S. Dept Of Defense - 6 upvotes, $0
  525. Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS] to U.S. Dept Of Defense - 6 upvotes, $0
  526. IDOR on ███████ [HtUS] to U.S. Dept Of Defense - 6 upvotes, $0
  527. XSS via Client Side Template Injection on www.███/News/Speeches to U.S. Dept Of Defense - 6 upvotes, $0
  528. stored cross site scripting in https://███ to U.S. Dept Of Defense - 6 upvotes, $0
  529. Authentication Bypass Using Default Credentials on █████ to U.S. Dept Of Defense - 6 upvotes, $0
  530. Sensitive Data Exposure via wp-config.php file to U.S. Dept Of Defense - 6 upvotes, $0
  531. XSS vulnerability on an Army website to U.S. Dept Of Defense - 5 upvotes, $0
  532. Open Redirect in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  533. Cross-site request forgery vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  534. Remote command execution (RCE) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  535. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  536. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  537. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  538. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  539. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  540. Open redirect vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  541. Reflected cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  542. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  543. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  544. Admin panel take over | User info leakage | Mass Comprimise to U.S. Dept Of Defense - 5 upvotes, $0
  545. sql injection on /messagecenter/messagingcenter at https://www.███████/ to U.S. Dept Of Defense - 5 upvotes, $0
  546. Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████ to U.S. Dept Of Defense - 5 upvotes, $0
  547. HTML Injection on ████ to U.S. Dept Of Defense - 5 upvotes, $0
  548. Critical information disclosure at https://█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  549. Insecure Direct Object Reference on in-scope .mil website to U.S. Dept Of Defense - 5 upvotes, $0
  550. WebLogic Server Side Request Forgery to U.S. Dept Of Defense - 5 upvotes, $0
  551. Email PII disclosure due to Insecure Password Reset field to U.S. Dept Of Defense - 5 upvotes, $0
  552. File Upload Restriction Bypass to U.S. Dept Of Defense - 5 upvotes, $0
  553. Internal IP Address Disclosed to U.S. Dept Of Defense - 5 upvotes, $0
  554. Reflected XSS and HTML Injectionon a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  555. Able to authenticate as administrator by navigating to https://█████/admin/ to U.S. Dept Of Defense - 5 upvotes, $0
  556. PHP info page disclosure to U.S. Dept Of Defense - 5 upvotes, $0
  557. Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak to U.S. Dept Of Defense - 5 upvotes, $0
  558. PII Leak of ████████ Personal at https://www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  559. Register with non accepted email types on https://███████ to U.S. Dept Of Defense - 5 upvotes, $0
  560. Improper Access Controls Allow PII Leak via ████ to U.S. Dept Of Defense - 5 upvotes, $0
  561. Arbitrary file upload and stored XSS via ███ support request to U.S. Dept Of Defense - 5 upvotes, $0
  562. Access to requests and approvals via /█████ allows sensitive information gathering to U.S. Dept Of Defense - 5 upvotes, $0
  563. HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] to U.S. Dept Of Defense - 5 upvotes, $0
  564. RXSS - https://███/ to U.S. Dept Of Defense - 5 upvotes, $0
  565. Blind Stored XSS on https://█████████ after filling a request at https://█████ to U.S. Dept Of Defense - 5 upvotes, $0
  566. reflected xss @ www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  567. CVE-2021-26855 on ████████ resulting in SSRF to U.S. Dept Of Defense - 5 upvotes, $0
  568. Reflected XSS in https://██████████ via "████████" parameter to U.S. Dept Of Defense - 5 upvotes, $0
  569. Cache Posioning leading do Denial of Service on www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  570. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 5 upvotes, $0
  571. Subdomain takeover of ███ to U.S. Dept Of Defense - 5 upvotes, $0
  572. XSS due to CVE-2020-3580 [██████] to U.S. Dept Of Defense - 5 upvotes, $0
  573. Path traversal on [███] to U.S. Dept Of Defense - 5 upvotes, $0
  574. Authorization bypass -> IDOR -> PII Leakage to U.S. Dept Of Defense - 5 upvotes, $0
  575. SQL INJECTION in https://████/██████████ to U.S. Dept Of Defense - 5 upvotes, $0
  576. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 5 upvotes, $0
  577. RXSS on ███████ to U.S. Dept Of Defense - 5 upvotes, $0
  578. Reflected XSS | https://████████ to U.S. Dept Of Defense - 5 upvotes, $0
  579. Open Redirect at █████ to U.S. Dept Of Defense - 5 upvotes, $0
  580. stored cross site scripting in https://███████ to U.S. Dept Of Defense - 5 upvotes, $0
  581. stored cross site scripting in https://██████████ to U.S. Dept Of Defense - 5 upvotes, $0
  582. stored cross site scripting in https://█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  583. stored cross site scripting in https://███ to U.S. Dept Of Defense - 5 upvotes, $0
  584. Install.php File Exposure on Drupal to U.S. Dept Of Defense - 5 upvotes, $0
  585. Reflected XSS in ██████████ to U.S. Dept Of Defense - 5 upvotes, $0
  586. Reflected XSS in ██████████ to U.S. Dept Of Defense - 5 upvotes, $0
  587. Improper Access Control on Media Wiki allows an attackers to restart installation on DoD asset to U.S. Dept Of Defense - 5 upvotes, $0
  588. Default Credentials on Kinetic Core System Console - https://█████/kinetic/app/ to U.S. Dept Of Defense - 5 upvotes, $0
  589. XSS in ServiceNow logout https://████:443 to U.S. Dept Of Defense - 5 upvotes, $0
  590. Persistent XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  591. Cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  592. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  593. Arbitrary Script Injection (Mail) in a DoD Website to U.S. Dept Of Defense - 4 upvotes, $0
  594. Misconfigured user account settings on DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  595. Stored cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  596. HTML Injection/Load Images vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  597. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  598. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  599. Cross-Site Scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  600. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  601. Server side information disclosure on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  602. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  603. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  604. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  605. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  606. Cross-site request forgery (CSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  607. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  608. Information disclosure vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  609. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  610. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  611. SQL injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  612. Reflective XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  613. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  614. Stored cross site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  615. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  616. Remote Code Execution (RCE) vulnerability in multiple DoD websites to U.S. Dept Of Defense - 4 upvotes, $0
  617. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  618. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  619. Cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  620. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  621. Remote OS command Execution in the 3 more Oracle Weblogic on the ████████, ████, ███████ [CVE-2017-10352] to U.S. Dept Of Defense - 4 upvotes, $0
  622. https://████████ Impacted by DNN ImageHandler SSRF to U.S. Dept Of Defense - 4 upvotes, $0
  623. Code reversion allowing SQLI again in ███████ to U.S. Dept Of Defense - 4 upvotes, $0
  624. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  625. Attackers can control which security questions they are presented (████████) to U.S. Dept Of Defense - 4 upvotes, $0
  626. CRLF Injection on ███████ to U.S. Dept Of Defense - 4 upvotes, $0
  627. Able to view Backend Database dur to improper authentication to U.S. Dept Of Defense - 4 upvotes, $0
  628. [████████] Reflected XSS to U.S. Dept Of Defense - 4 upvotes, $0
  629. [███████] Reflected GET XSS (/mission.php?...&missionDate=*) to U.S. Dept Of Defense - 4 upvotes, $0
  630. █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files to U.S. Dept Of Defense - 4 upvotes, $0
  631. Firewall rules for ████████ can be bypassed to leak site authors to U.S. Dept Of Defense - 4 upvotes, $0
  632. CORS Misconfiguration Leads to Exposing User Data to U.S. Dept Of Defense - 4 upvotes, $0
  633. Application level DoS via xmlrpc.php to U.S. Dept Of Defense - 4 upvotes, $0
  634. No ACL on S3 Bucket in [https://www.██████████/] to U.S. Dept Of Defense - 4 upvotes, $0
  635. [████████] — XSS on /███████_flight/images via advanced_val parameter to U.S. Dept Of Defense - 4 upvotes, $0
  636. Unrestricted file upload leads to stored xss on https://████████/ to U.S. Dept Of Defense - 4 upvotes, $0
  637. HTML Injection leads to XSS on███ to U.S. Dept Of Defense - 4 upvotes, $0
  638. [██████████.mil] Cisco VPN Service Path Traversal to U.S. Dept Of Defense - 4 upvotes, $0
  639. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 4 upvotes, $0
  640. Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert to U.S. Dept Of Defense - 4 upvotes, $0
  641. Able to log in with default ██████g creds at https█████████████████████.mil to U.S. Dept Of Defense - 4 upvotes, $0
  642. System Error Reveals Sensitive SQL Call Data to U.S. Dept Of Defense - 4 upvotes, $0
  643. Insecure ███████ credentials on staging app at ████ leads to application takeover to U.S. Dept Of Defense - 4 upvotes, $0
  644. Dashboard sharing enables code injection into ████ emails to U.S. Dept Of Defense - 4 upvotes, $0
  645. PII Leak via /███████ to U.S. Dept Of Defense - 4 upvotes, $0
  646. PII Leak via /██████ to U.S. Dept Of Defense - 4 upvotes, $0
  647. Stored XSS through name / last name on https://██████████/ to U.S. Dept Of Defense - 4 upvotes, $0
  648. Self XSS + CSRF Leads to Reflected XSS in https://████/ to U.S. Dept Of Defense - 4 upvotes, $0
  649. Read-only path traversal (CVE-2020-3452) at https://█████ to U.S. Dept Of Defense - 4 upvotes, $0
  650. Read-only path traversal (CVE-2020-3452) at https://████████ to U.S. Dept Of Defense - 4 upvotes, $0
  651. xss on https://███████(█████████ parameter) to U.S. Dept Of Defense - 4 upvotes, $0
  652. SQL injection located in ███ in POST param ████████ to U.S. Dept Of Defense - 4 upvotes, $0
  653. Reflected XSS at ████ via ██████████= parameter to U.S. Dept Of Defense - 4 upvotes, $0
  654. Wrong settings in ADF Faces leads to information disclosure to U.S. Dept Of Defense - 4 upvotes, $0
  655. ██████████ running a vulnerable log4j to U.S. Dept Of Defense - 4 upvotes, $0
  656. Unauthorized access to PII leads to MASS account Takeover to U.S. Dept Of Defense - 4 upvotes, $0
  657. default ████ creds on https://████████ to U.S. Dept Of Defense - 4 upvotes, $0
  658. Reflected XSS at https://█████████ via "███" parameter to U.S. Dept Of Defense - 4 upvotes, $0
  659. XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags to U.S. Dept Of Defense - 4 upvotes, $0
  660. ███ vulnerable to CVE-2022-22954 to U.S. Dept Of Defense - 4 upvotes, $0
  661. Reflected XSS [██████] to U.S. Dept Of Defense - 4 upvotes, $0
  662. Reflected XSS [██████] to U.S. Dept Of Defense - 4 upvotes, $0
  663. springboot actuator is leaking internals at ██████████ to U.S. Dept Of Defense - 4 upvotes, $0
  664. Broken access discloses users and PII at https://███████ [HtUS] to U.S. Dept Of Defense - 4 upvotes, $0
  665. stored cross site scripting in https://████ to U.S. Dept Of Defense - 4 upvotes, $0
  666. stored cross site scripting in https://███ to U.S. Dept Of Defense - 4 upvotes, $0
  667. Out-Of-Bounds Memory Read on ███ to U.S. Dept Of Defense - 4 upvotes, $0
  668. [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████ to U.S. Dept Of Defense - 3 upvotes, $3000
  669. DNS Misconfiguration to U.S. Dept Of Defense - 3 upvotes, $0
  670. Server side information disclosure to U.S. Dept Of Defense - 3 upvotes, $0
  671. XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  672. Potentially sensitive information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  673. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  674. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  675. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  676. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  677. DOM Based XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  678. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  679. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  680. Cross-site request forgery (CSRF) vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  681. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  682. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  683. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  684. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  685. Online training material disclosing username and password to U.S. Dept Of Defense - 3 upvotes, $0
  686. ████████ SQL to U.S. Dept Of Defense - 3 upvotes, $0
  687. SQL injection on https://███████ to U.S. Dept Of Defense - 3 upvotes, $0
  688. Sensitive Email disclosure Due to Insecure Reactivate Account field to U.S. Dept Of Defense - 3 upvotes, $0
  689. Exposed FTP Credentials on ███████ to U.S. Dept Of Defense - 3 upvotes, $0
  690. Blind SQL Injection on DoD Site to U.S. Dept Of Defense - 3 upvotes, $0
  691. █████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
  692. █████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
  693. [██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action to U.S. Dept Of Defense - 3 upvotes, $0
  694. Sensitive Information Leaking Through DoD Owned Website. [██████████] to U.S. Dept Of Defense - 3 upvotes, $0
  695. Improper Neutralization of Input During Web Page Generation to U.S. Dept Of Defense - 3 upvotes, $0
  696. Sensitive Information Leaking Through DARPA Website. [█████████] to U.S. Dept Of Defense - 3 upvotes, $0
  697. Domian Takeover in [███████] to U.S. Dept Of Defense - 3 upvotes, $0
  698. XSS Reflected to U.S. Dept Of Defense - 3 upvotes, $0
  699. Reflected XSS on ███████ page to U.S. Dept Of Defense - 3 upvotes, $0
  700. Reflected XSS in https://███████ via search parameter to U.S. Dept Of Defense - 3 upvotes, $0
  701. PII Leak (such as CAC User ID) at https://████████/pages/login.aspx to U.S. Dept Of Defense - 3 upvotes, $0
  702. POST based RXSS on https://█████ via frm_email parameter to U.S. Dept Of Defense - 3 upvotes, $0
  703. SSRF in login page using fetch API exposes victims IP address to attacker controled server to U.S. Dept Of Defense - 3 upvotes, $0
  704. Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
  705. Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
  706. Members Personal Information Leak Due to IDOR to U.S. Dept Of Defense - 3 upvotes, $0
  707. XSS due to CVE-2020-3580 [███.mil] to U.S. Dept Of Defense - 3 upvotes, $0
  708. [CVE-2021-29156] LDAP Injection at https://██████ to U.S. Dept Of Defense - 3 upvotes, $0
  709. https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability) to U.S. Dept Of Defense - 3 upvotes, $0
  710. System Error Reveals SQL Information to U.S. Dept Of Defense - 3 upvotes, $0
  711. Reflected XSS at https://██████/██████████ via "████████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
  712. Reflected XSS at https://██████/██████ via "██████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
  713. CUI Labelled document out in the open to U.S. Dept Of Defense - 3 upvotes, $0
  714. IDOR - Delete Users Saved Projects to U.S. Dept Of Defense - 3 upvotes, $0
  715. CSRF - Modify User Settings with one click - Account TakeOver to U.S. Dept Of Defense - 3 upvotes, $0
  716. XSS Reflected - ███ to U.S. Dept Of Defense - 3 upvotes, $0
  717. Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https://███/ to U.S. Dept Of Defense - 3 upvotes, $0
  718. XSS on https://██████/███ via █████ parameter to U.S. Dept Of Defense - 3 upvotes, $0
  719. Reflected XSS [███] to U.S. Dept Of Defense - 3 upvotes, $0
  720. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 3 upvotes, $0
  721. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 3 upvotes, $0
  722. RXSS on █████████ to U.S. Dept Of Defense - 3 upvotes, $0
  723. Reflected Xss in [██████] to U.S. Dept Of Defense - 3 upvotes, $0
  724. [HTA2] Receiving████ access request on @wearehackerone.com email address to U.S. Dept Of Defense - 2 upvotes, $750
  725. Information disclosure on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  726. Reflected XSS vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  727. Stored XSS vulnerability on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  728. Reflected XSS on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  729. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  730. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  731. 2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 to U.S. Dept Of Defense - 2 upvotes, $0
  732. Illegal account registration in ████████ to U.S. Dept Of Defense - 2 upvotes, $0
  733. Multiple cryptographic vulnerabilities in login page on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
  734. █████ - Pre-generation of VIEWSTATE allows CAC bypass to U.S. Dept Of Defense - 2 upvotes, $0
  735. Followup - SQL Injection - https://██████████/██████/MSI.portal to U.S. Dept Of Defense - 2 upvotes, $0
  736. Padding Oracle ms10-070 in the a DoD website (https://██████/) to U.S. Dept Of Defense - 2 upvotes, $0
  737. Admin Login Credential Leak for DoD Gitlab EE instance to U.S. Dept Of Defense - 2 upvotes, $0
  738. Username&password is Disclosure in readme file in [https://█████████] to U.S. Dept Of Defense - 2 upvotes, $0
  739. Sensitive Information Leaking Through Navy Website. [█████] to U.S. Dept Of Defense - 2 upvotes, $0
  740. Reflected XSS on https://███████/ to U.S. Dept Of Defense - 2 upvotes, $0
  741. Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil to U.S. Dept Of Defense - 2 upvotes, $0
  742. SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 2 upvotes, $0
  743. Reflected XSS - https://███ to U.S. Dept Of Defense - 2 upvotes, $0
  744. [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol! to U.S. Dept Of Defense - 2 upvotes, $0
  745. Sensitive information on ██████████ to U.S. Dept Of Defense - 2 upvotes, $0
  746. XSS due to CVE-2020-3580 [███] to U.S. Dept Of Defense - 2 upvotes, $0
  747. Information disclosure at '████████' --- CVE-2020-14179 to U.S. Dept Of Defense - 2 upvotes, $0
  748. RXSS Via URI Path - https://██████████/ to U.S. Dept Of Defense - 2 upvotes, $0
  749. Reflected XSS in https://███████ via hidden parameter "████████" to U.S. Dept Of Defense - 2 upvotes, $0
  750. ███ ████████ running a vulnerable log4j to U.S. Dept Of Defense - 2 upvotes, $0
  751. Reflected XSS at https://██████████/████████ via "███████" parameter to U.S. Dept Of Defense - 2 upvotes, $0
  752. CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████ to U.S. Dept Of Defense - 2 upvotes, $0
  753. [www.█████] Path-based reflected Cross Site Scripting to U.S. Dept Of Defense - 2 upvotes, $0
  754. CORS Misconfiguration to U.S. Dept Of Defense - 2 upvotes, $0
  755. Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████ to U.S. Dept Of Defense - 2 upvotes, $0
  756. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 2 upvotes, $0
  757. Directory Traversal at █████ to U.S. Dept Of Defense - 2 upvotes, $0
  758. IDOR Lead To VIEW & DELETE & Create api_key [HtUS] to U.S. Dept Of Defense - 2 upvotes, $0
  759. an internel important paths disclosure [HtUS] to U.S. Dept Of Defense - 2 upvotes, $0
  760. STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS] to U.S. Dept Of Defense - 2 upvotes, $0
  761. Reflected XSS | https://████ to U.S. Dept Of Defense - 2 upvotes, $0
  762. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
  763. SQL injection found in US Navy Website (http://███/) to U.S. Dept Of Defense - 1 upvotes, $0
  764. Access to job creation web page on http://████████ to U.S. Dept Of Defense - 1 upvotes, $0
  765. Content-Injection/XSS ████ to U.S. Dept Of Defense - 1 upvotes, $0
  766. [https://███] Local File Inclusion via graph.php to U.S. Dept Of Defense - 1 upvotes, $0
  767. Publicly accessible Grafana install allows pivoting to Prometheus datasource to U.S. Dept Of Defense - 1 upvotes, $0
  768. Unencrypted __VIEWSTATE parameter in a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
  769. [██████████] — Directory traversal via /aerosol-bin/███████/display_directory_████_t.cgi to U.S. Dept Of Defense - 1 upvotes, $0
  770. PulseSSL VPN Site with Compromised Creds @ ████ to U.S. Dept Of Defense - 1 upvotes, $0
  771. https://█████ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 1 upvotes, $0
  772. Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 1 upvotes, $0
  773. SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 1 upvotes, $0
  774. Reflected XSS on https://█████ to U.S. Dept Of Defense - 1 upvotes, $0
  775. xss reflected on https://███████- (███ parameters) to U.S. Dept Of Defense - 1 upvotes, $0
  776. XSS Reflected on https://███ (███ parameter) to U.S. Dept Of Defense - 1 upvotes, $0
  777. CUI labled and ████ and ██████ Restricted ██████ intelligence to U.S. Dept Of Defense - 1 upvotes, $0
  778. Reflected XSS on https://███/████via hidden parameter "█████████" to U.S. Dept Of Defense - 1 upvotes, $0
  779. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 1 upvotes, $0
  780. RXSS ON https://██████████ to U.S. Dept Of Defense - 1 upvotes, $0
  781. (CORS) Cross-origin resource sharing misconfiguration on https://█████████ to U.S. Dept Of Defense - 1 upvotes, $0
  782. XSS because of Akamai ARL misconfiguration on ████ to U.S. Dept Of Defense - 1 upvotes, $0
  783. Reflected XSS - in Email Input to U.S. Dept Of Defense - 1 upvotes, $0
  784. Arbitrary File Deletion (CVE-2020-3187) on ████████ to U.S. Dept Of Defense - 1 upvotes, $0
  785. CVE-2020-3452 on https://█████/ to U.S. Dept Of Defense - 1 upvotes, $0
  786. XSS on https://███████/██████████ parameter to U.S. Dept Of Defense - 1 upvotes, $0
  787. XSS on https://████████/████' parameter to U.S. Dept Of Defense - 1 upvotes, $0
  788. ██████_log4j - https://██████ to U.S. Dept Of Defense - 1 upvotes, $0
  789. solr_log4j - http://██████████ to U.S. Dept Of Defense - 1 upvotes, $0
  790. Unprotected ██████ and Test site API Exposes Documents, Credentials, and Emails in ██████████ Proposal System to U.S. Dept Of Defense - 1 upvotes, $0
  791. Two Error-Based SQLi in courses.aspx on ██████████ to U.S. Dept Of Defense - 0 upvotes, $0
  792. SQL Injection - https://███/█████████/MSI.portal to U.S. Dept Of Defense - 0 upvotes, $0
  793. Stored XSS on ████████helpdesk to U.S. Dept Of Defense - 0 upvotes, $0
  794. Sensitive information on '████████' to U.S. Dept Of Defense - 0 upvotes, $0
  795. CUI labled and ████ Restricted pdf on █████ to U.S. Dept Of Defense - 0 upvotes, $0
  796. Access to admininstrative resources/account via path traversal to U.S. Dept Of Defense - 0 upvotes, $0