Top reports from U.S. Dept Of Defense program at HackerOne:

  1. Stored Xss Vulnerability on ████████ to U.S. Dept Of Defense - 192 upvotes, $0
  2. Bypassing CORS Misconfiguration Leads to Sensitive Exposure to U.S. Dept Of Defense - 145 upvotes, $0
  3. Applicant security exam Attachments/Documents accessible through an IDOR/BAC on the custom Apex controller on https://█████.mil to U.S. Dept Of Defense - 139 upvotes, $0
  4. Public instance of Jenkins on https://██████████/ with /script enabled to U.S. Dept Of Defense - 118 upvotes, $0
  5. Remote Code Execution and AWS IAM Credentials Exfiltration in https://████████/ to U.S. Dept Of Defense - 114 upvotes, $0
  6. [hta3] Remote Code Execution on ████ to U.S. Dept Of Defense - 104 upvotes, $0
  7. Wordpress Takeover using setup configuration at http://████.edu [HtUS] to U.S. Dept Of Defense - 102 upvotes, $1000
  8. Lack of rate limiting in https://███/PKI/PassReset.aspx leads to PII disclosure and potential account takeover to U.S. Dept Of Defense - 98 upvotes, $0
  9. XXE in DoD website that may lead to RCE to U.S. Dept Of Defense - 97 upvotes, $0
  10. [███████] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 97 upvotes, $0
  11. Public google drive link Exposes Military Orders Containing PII (Name, SSN etc..) and Operational Details to U.S. Dept Of Defense - 96 upvotes, $0
  12. Time based SQL injection at████████ to U.S. Dept Of Defense - 95 upvotes, $0
  13. Remote Code Execution in ██████ to U.S. Dept Of Defense - 94 upvotes, $0
  14. LOGJ4 VUlnerability [HtUS] to U.S. Dept Of Defense - 93 upvotes, $1000
  15. ███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions to U.S. Dept Of Defense - 89 upvotes, $0
  16. SQL Injection to U.S. Dept Of Defense - 88 upvotes, $0
  17. [SQLI ]Time Bassed Injection at ██████████ via referer header to U.S. Dept Of Defense - 86 upvotes, $0
  18. User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx to U.S. Dept Of Defense - 86 upvotes, $0
  19. CSRF leads to Account takeover to U.S. Dept Of Defense - 85 upvotes, $0
  20. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 84 upvotes, $0
  21. Publicly Editable U.S. Air Force Google Spreadsheet Exposing Student Leave Data to U.S. Dept Of Defense - 83 upvotes, $0
  22. SQL Injection on www.██████████ on countID parameter to U.S. Dept Of Defense - 79 upvotes, $0
  23. Blind Sql Injection in https://████ to U.S. Dept Of Defense - 79 upvotes, $0
  24. Improper Authentication Allows Making Appeals as Other Users to U.S. Dept Of Defense - 76 upvotes, $0
  25. IDOR leading unauthenticated attacker to download documents discloses PII of users and soldiers via https://www.█████████/Download.aspx?id= [HtUS] to U.S. Dept Of Defense - 73 upvotes, $500
  26. SQL Injection in ████ to U.S. Dept Of Defense - 72 upvotes, $0
  27. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 70 upvotes, $0
  28. Full account takeover of any user through reset password to U.S. Dept Of Defense - 69 upvotes, $0
  29. Unauthenticated LFI (Local File Inclusion) using the symbol ! At the target https://████/ to U.S. Dept Of Defense - 69 upvotes, $0
  30. Exposure of Private Personal Information to an Unauthorized Actor - PII and soldier data (mos, schools, and speciality training) to U.S. Dept Of Defense - 69 upvotes, $0
  31. RCE on █████ via CVE-2017-10271 to U.S. Dept Of Defense - 68 upvotes, $0
  32. [█████████] Administrative access to Oracle WebLogic Server using default credentials to U.S. Dept Of Defense - 65 upvotes, $0
  33. Improper Authentication (Login without Registration with any user) at ████ to U.S. Dept Of Defense - 65 upvotes, $0
  34. CSRF leads to Account takeover to U.S. Dept Of Defense - 65 upvotes, $0
  35. Boolen Based Blind Sql Injection Via User Agent in ███.mil to U.S. Dept Of Defense - 65 upvotes, $0
  36. Subdomain takeover ████████.mil to U.S. Dept Of Defense - 62 upvotes, $0
  37. IDOR leads to PII Leak to U.S. Dept Of Defense - 61 upvotes, $0
  38. CVE-2020-7961 RCE Liferay Portal Unauthenticated via https://████████/ to U.S. Dept Of Defense - 61 upvotes, $0
  39. Unauthenticated SQL Injection at █████████ [HtUS] to U.S. Dept Of Defense - 60 upvotes, $0
  40. LFI with potential to RCE on ██████ using CVE-2019-3396 to U.S. Dept Of Defense - 58 upvotes, $0
  41. CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman to U.S. Dept Of Defense - 58 upvotes, $0
  42. Authentication Bypass on https://███████/ to U.S. Dept Of Defense - 57 upvotes, $0
  43. Remote Code Execution through DNN Cookie Deserialization to U.S. Dept Of Defense - 56 upvotes, $0
  44. Reflected XSS via Keycloak on ███ [CVE-2021-20323] to U.S. Dept Of Defense - 55 upvotes, $0
  45. Sensitive data exposure: █████████ candidate resumes/CVs available to download with no authentication through BAC/IDOR/Improper Salesforce config to U.S. Dept Of Defense - 55 upvotes, $0
  46. Sensitive data exposure via /secure/███████ endpoint on ████████ to U.S. Dept Of Defense - 55 upvotes, $0
  47. SSRF to read AWS metaData at https://█████/ [HtUS] to U.S. Dept Of Defense - 54 upvotes, $1000
  48. Subdomain takeover ██████ to U.S. Dept Of Defense - 54 upvotes, $0
  49. Open Akamai ARL XSS on http://master-config-████████ to U.S. Dept Of Defense - 53 upvotes, $0
  50. Time-based blind SQL injection to U.S. Dept Of Defense - 52 upvotes, $0
  51. Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak to U.S. Dept Of Defense - 51 upvotes, $0
  52. XSS found for https://█████████ to U.S. Dept Of Defense - 51 upvotes, $0
  53. IDOR to delete profile images in https:███████ to U.S. Dept Of Defense - 50 upvotes, $0
  54. Local File Inclusion vulnerability on an Army system allows downloading local files to U.S. Dept Of Defense - 48 upvotes, $0
  55. SQL Injection in ████ to U.S. Dept Of Defense - 48 upvotes, $0
  56. Information disclousure by clicking on the link shown in http://████████/ to U.S. Dept Of Defense - 48 upvotes, $0
  57. Log4Shell: RCE 0-day exploit on █████████ to U.S. Dept Of Defense - 48 upvotes, $0
  58. XSS on ███████ to U.S. Dept Of Defense - 48 upvotes, $0
  59. Unauthenticated Access to Admin Panel Functions at https://██████████/████████ to U.S. Dept Of Defense - 47 upvotes, $0
  60. Pull Any Automated Record Brief to U.S. Dept Of Defense - 47 upvotes, $0
  61. Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████] to U.S. Dept Of Defense - 46 upvotes, $0
  62. SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS] to U.S. Dept Of Defense - 45 upvotes, $4000
  63. SQL Injection vulnerability located at ████████ to U.S. Dept Of Defense - 45 upvotes, $0
  64. Remote Code Execution via Insecure Deserialization in Telerik UI to U.S. Dept Of Defense - 45 upvotes, $0
  65. Xss - ███ to U.S. Dept Of Defense - 45 upvotes, $0
  66. Reflected Cross-site Scripting via search query on ██████ to U.S. Dept Of Defense - 45 upvotes, $0
  67. CSRF Attack on changing security questions leads to full Account TakeOver to U.S. Dept Of Defense - 44 upvotes, $0
  68. Gateway information leakage to U.S. Dept Of Defense - 43 upvotes, $0
  69. Reflected XSS on error message on Login Page to U.S. Dept Of Defense - 43 upvotes, $0
  70. reflected xss [CVE-2020-3580] to U.S. Dept Of Defense - 43 upvotes, $0
  71. [HTAF4-213] [Pre-submission] HTTPOnly session cookie exposure on the /csstest endpoint to U.S. Dept Of Defense - 43 upvotes, $0
  72. Leaked DB credentials on https://██████████.mil/███ to U.S. Dept Of Defense - 42 upvotes, $0
  73. XSS vulnerability found in javascript code of https://███.mil to U.S. Dept Of Defense - 42 upvotes, $0
  74. █████████ (Android): Vulnerable to Javascript Injection and Open redirect to U.S. Dept Of Defense - 41 upvotes, $0
  75. Account takeover through CSRF in http://███████/██████████/default.asp to U.S. Dept Of Defense - 40 upvotes, $0
  76. 403 Forbidden Bypass at www.██████.mil to U.S. Dept Of Defense - 40 upvotes, $0
  77. HTTP Request Smuggling to U.S. Dept Of Defense - 40 upvotes, $0
  78. IDOR leads to view other user Biographical details (Possible PII LEAK) to U.S. Dept Of Defense - 40 upvotes, $0
  79. Open Akamai ARL XSS on http://media.████████ to U.S. Dept Of Defense - 40 upvotes, $0
  80. DoD workstation exposed to internet via TinyPilot KVM with no authentication to U.S. Dept Of Defense - 40 upvotes, $0
  81. Cross Site Scripting to U.S. Dept Of Defense - 40 upvotes, $0
  82. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ to U.S. Dept Of Defense - 39 upvotes, $0
  83. [HTA2] Authorization Bypass on https://██████ leaks confidential aircraft/missile information to U.S. Dept Of Defense - 39 upvotes, $0
  84. Blind Sql Injection https:/████████ to U.S. Dept Of Defense - 39 upvotes, $0
  85. XSS found in https://www.████████.mil to U.S. Dept Of Defense - 39 upvotes, $0
  86. RCE in ███ [CVE-2021-26084] to U.S. Dept Of Defense - 38 upvotes, $0
  87. IDOR : Modify other users demographic details to U.S. Dept Of Defense - 38 upvotes, $0
  88. Create account without auth via response manipulation to U.S. Dept Of Defense - 38 upvotes, $0
  89. Unauthenticated Jenkins instance exposed information related to █████ to U.S. Dept Of Defense - 37 upvotes, $0
  90. Critical sensitive information Disclosure. [HtUS] to U.S. Dept Of Defense - 36 upvotes, $500
  91. XXE on DoD web server to U.S. Dept Of Defense - 36 upvotes, $0
  92. Web Cache Poisoning on █████ to U.S. Dept Of Defense - 36 upvotes, $0
  93. [HTA2] XXE on https://███ via SpellCheck Endpoint. to U.S. Dept Of Defense - 36 upvotes, $0
  94. Unathenticated file read (CVE-2020-3452) to U.S. Dept Of Defense - 36 upvotes, $0
  95. Xss Parameter: /<s>/[*]/<s>.css ████████ to U.S. Dept Of Defense - 36 upvotes, $0
  96. Course Registration Form Allowing an attacker to dump all the candidate name who had enrolled for the course to U.S. Dept Of Defense - 36 upvotes, $0
  97. Subdomain Takeover via Host Header Injection on www.█████ to U.S. Dept Of Defense - 35 upvotes, $0
  98. [██████] Cross-origin resource sharing misconfiguration (CORS) to U.S. Dept Of Defense - 34 upvotes, $0
  99. XSS in Cisco Endpoint to U.S. Dept Of Defense - 34 upvotes, $0
  100. SQL injection on ██████████ via 'where' parameter to U.S. Dept Of Defense - 34 upvotes, $0
  101. Blind Stored XSS Payload fired at the backend on https://█████████/ to U.S. Dept Of Defense - 33 upvotes, $0
  102. POST based RXSS on https://███████/ via ███ parameter to U.S. Dept Of Defense - 33 upvotes, $0
  103. EC2 subdomain takeover at http://████████/ to U.S. Dept Of Defense - 33 upvotes, $0
  104. Subdomain takeover of █████████ to U.S. Dept Of Defense - 33 upvotes, $0
  105. CSRF Attack leads to delete album at to U.S. Dept Of Defense - 33 upvotes, $0
  106. SSRF+XSS to U.S. Dept Of Defense - 32 upvotes, $0
  107. SQL injection my method -1 OR 321=6 AND 000159=000159 to U.S. Dept Of Defense - 32 upvotes, $0
  108. Splunk Sensitive Information Disclosure @████████ to U.S. Dept Of Defense - 32 upvotes, $0
  109. RCE via File Upload with a Null Byte Truncated File Extension at https://██████/ to U.S. Dept Of Defense - 32 upvotes, $0
  110. Unrestricted File Upload to U.S. Dept Of Defense - 31 upvotes, $0
  111. Remote code execution on an Army website to U.S. Dept Of Defense - 31 upvotes, $0
  112. Pulse Secure File disclosure, clear text and potential RCE to U.S. Dept Of Defense - 31 upvotes, $0
  113. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███) to U.S. Dept Of Defense - 31 upvotes, $0
  114. Automatic Admin Access to U.S. Dept Of Defense - 31 upvotes, $0
  115. CSRF to XSS to U.S. Dept Of Defense - 31 upvotes, $0
  116. SOAP WSDL Parser SQL Code Execution to U.S. Dept Of Defense - 30 upvotes, $0
  117. SSRF vulnerability on ██████████ leaks internal IP and various sensitive information to U.S. Dept Of Defense - 30 upvotes, $0
  118. Default Admin Username and Password on █████ Server at █████████mil to U.S. Dept Of Defense - 30 upvotes, $0
  119. SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS] to U.S. Dept Of Defense - 30 upvotes, $0
  120. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 29 upvotes, $0
  121. Information Disclosure to U.S. Dept Of Defense - 29 upvotes, $0
  122. SQL injection to U.S. Dept Of Defense - 29 upvotes, $0
  123. Trace.axd page leaks sensitive information to U.S. Dept Of Defense - 29 upvotes, $0
  124. █████████ IDOR leads to disclosure of PHI/PII to U.S. Dept Of Defense - 29 upvotes, $0
  125. DoD internal documents are leaked to the public to U.S. Dept Of Defense - 29 upvotes, $0
  126. SQL injection at [https://█████████] [HtUS] to U.S. Dept Of Defense - 29 upvotes, $0
  127. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 29 upvotes, $0
  128. [███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS] to U.S. Dept Of Defense - 28 upvotes, $1000
  129. Reflected Xss to U.S. Dept Of Defense - 28 upvotes, $0
  130. Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 28 upvotes, $0
  131. [hta3] Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import to U.S. Dept Of Defense - 28 upvotes, $0
  132. Reflected xss on https://█████████ to U.S. Dept Of Defense - 28 upvotes, $0
  133. [HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www.███████/daip/messagebroker/amf to U.S. Dept Of Defense - 28 upvotes, $0
  134. Endpoint Redirects to Admin Page and Provides Admin role to U.S. Dept Of Defense - 28 upvotes, $0
  135. Blind Stored XSS on the internal host - █████████████ to U.S. Dept Of Defense - 28 upvotes, $0
  136. Unauthorized Access Exposing Sensitive Data to U.S. Dept Of Defense - 28 upvotes, $0
  137. RCE on a Department of Defense website to U.S. Dept Of Defense - 27 upvotes, $0
  138. CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 27 upvotes, $0
  139. Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) to U.S. Dept Of Defense - 27 upvotes, $0
  140. Unauthenticated Blind SSRF at https://█████ via xmlrpc.php file to U.S. Dept Of Defense - 27 upvotes, $0
  141. Information Disclosure in API Endpoint /users to U.S. Dept Of Defense - 27 upvotes, $0
  142. Video player on ███ allows arbitrary remote videos to be played to U.S. Dept Of Defense - 26 upvotes, $0
  143. Command Injection (via CVE-2019-11510 and CVE-2019-11539) to U.S. Dept Of Defense - 26 upvotes, $0
  144. SQL Injection in the move_papers.php on the https://██████████ to U.S. Dept Of Defense - 26 upvotes, $0
  145. IDOR to Account Takeover on https://████/index.html to U.S. Dept Of Defense - 26 upvotes, $0
  146. IDOR while uploading ████ attachments at [█████████] to U.S. Dept Of Defense - 26 upvotes, $0
  147. Reflected XSS to U.S. Dept Of Defense - 26 upvotes, $0
  148. Docker Registry without authentication leads to docker images download to U.S. Dept Of Defense - 26 upvotes, $0
  149. ██████ SSN/EDPI to U.S. Dept Of Defense - 26 upvotes, $0
  150. XSS Reflected to U.S. Dept Of Defense - 26 upvotes, $0
  151. [ CVE-2018-1000129 ] RXSS At https://███████ via the URI to U.S. Dept Of Defense - 26 upvotes, $0
  152. Request smuggling on ████████ to U.S. Dept Of Defense - 25 upvotes, $0
  153. ████ - Complete account takeover to U.S. Dept Of Defense - 25 upvotes, $0
  154. Local File Inclusion in download.php to U.S. Dept Of Defense - 25 upvotes, $0
  155. Examples directory is PUBLIC on https://████████mil, leading to multiple vulns to U.S. Dept Of Defense - 24 upvotes, $0
  156. CSRF Account Deletion on ███ Website to U.S. Dept Of Defense - 24 upvotes, $0
  157. Apache solr RCE via velocity template to U.S. Dept Of Defense - 24 upvotes, $0
  158. Leaks of username and password leads to CVE-2018-18862 exploitation to U.S. Dept Of Defense - 24 upvotes, $0
  159. Reflected XSS via Moodle on ███ [CVE-2022-35653] to U.S. Dept Of Defense - 24 upvotes, $0
  160. Access to all █████████ files, including CAC authentication bypass to U.S. Dept Of Defense - 23 upvotes, $0
  161. SQL injection on the https://████/ to U.S. Dept Of Defense - 23 upvotes, $0
  162. SSRF on █████████ Allowing internal server data access to U.S. Dept Of Defense - 23 upvotes, $0
  163. Reflected XSS in https://www.█████/ to U.S. Dept Of Defense - 23 upvotes, $0
  164. Full account takeover on https://████████.mil to U.S. Dept Of Defense - 23 upvotes, $0
  165. Sensitive information disclosure [HtUS] to U.S. Dept Of Defense - 23 upvotes, $0
  166. Client side authentication leads to Auth Bypass to U.S. Dept Of Defense - 23 upvotes, $0
  167. Information Disclosure FrontPage Configuration Information to U.S. Dept Of Defense - 23 upvotes, $0
  168. CVE-2021-39226 Discovered on endpoint https://██████/api/snapshots to U.S. Dept Of Defense - 23 upvotes, $0
  169. Email Takeover leads to permanent account deletion to U.S. Dept Of Defense - 23 upvotes, $0
  170. [Partial] SSN & [PII] exposed through iPERMs Presentation Slide. to U.S. Dept Of Defense - 22 upvotes, $0
  171. Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ to U.S. Dept Of Defense - 22 upvotes, $0
  172. Password Reset link hijacking via Host Header Poisoning leads to account takeover to U.S. Dept Of Defense - 22 upvotes, $0
  173. IDOR leaking PII data via VendorId parameter to U.S. Dept Of Defense - 22 upvotes, $0
  174. Resource Injection - [████████] to U.S. Dept Of Defense - 22 upvotes, $0
  175. CSRF Attack leads to delete album at ████████ to U.S. Dept Of Defense - 22 upvotes, $0
  176. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ to U.S. Dept Of Defense - 21 upvotes, $0
  177. CSRF - Close Account to U.S. Dept Of Defense - 21 upvotes, $0
  178. Reflected XSS in https://www.██████/ to U.S. Dept Of Defense - 21 upvotes, $0
  179. SQL Injection on █████ to U.S. Dept Of Defense - 21 upvotes, $0
  180. WordPress application vulnerable to DoS attack via wp-cron.php to U.S. Dept Of Defense - 21 upvotes, $0
  181. Reflected XSS in ████████████ to U.S. Dept Of Defense - 21 upvotes, $0
  182. Default Admin Username and Password on ███ to U.S. Dept Of Defense - 21 upvotes, $0
  183. Full Access to sonarQube and Docker to U.S. Dept Of Defense - 21 upvotes, $0
  184. XML External Entity (XXE) Injection to U.S. Dept Of Defense - 21 upvotes, $0
  185. ███████ Site Exposes █████████ forms to U.S. Dept Of Defense - 20 upvotes, $0
  186. Path traversal on https://███ allows arbitrary file read (CVE-2020-3452) to U.S. Dept Of Defense - 20 upvotes, $0
  187. critical information disclosure to U.S. Dept Of Defense - 20 upvotes, $0
  188. Self stored Xss + Login Csrf to U.S. Dept Of Defense - 20 upvotes, $0
  189. time based SQL injection at [https://███] [HtUS] to U.S. Dept Of Defense - 20 upvotes, $0
  190. [████████] RXSS via "CurrentFolder" parameter to U.S. Dept Of Defense - 20 upvotes, $0
  191. Parâmetro XSS: Nome de usuário - █████████ to U.S. Dept Of Defense - 20 upvotes, $0
  192. Misconfigured password reset vulnerability on a DoD website to U.S. Dept Of Defense - 19 upvotes, $0
  193. ███ exposes sensitive shipment information to public web to U.S. Dept Of Defense - 19 upvotes, $0
  194. IDOR on DoD Website exposes FTP users and passes linked to all accounts! to U.S. Dept Of Defense - 19 upvotes, $0
  195. [REMOTE] Full Account Takeover At https://██████████████/CAS/ to U.S. Dept Of Defense - 19 upvotes, $0
  196. Publicly accessible Order confirmations leaking User Emails on ███ to U.S. Dept Of Defense - 19 upvotes, $0
  197. Remote Code Execution on █████████ to U.S. Dept Of Defense - 19 upvotes, $0
  198. https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 19 upvotes, $0
  199. [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ to U.S. Dept Of Defense - 19 upvotes, $0
  200. Reflected XSS on ███ to U.S. Dept Of Defense - 19 upvotes, $0
  201. Blind SQL iNJECTION to U.S. Dept Of Defense - 19 upvotes, $0
  202. [hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [███] to U.S. Dept Of Defense - 19 upvotes, $0
  203. Host Header Injection on https://███/████████/Account/ForgotPassword to U.S. Dept Of Defense - 19 upvotes, $0
  204. Reflected XSS on ██████.mil to U.S. Dept Of Defense - 19 upvotes, $0
  205. [CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (████.███.mil) to U.S. Dept Of Defense - 19 upvotes, $0
  206. Restrict any user from Login to their account to U.S. Dept Of Defense - 19 upvotes, $0
  207. Unauthenticated arbitrary file upload on the https://█████/ (█████████) to U.S. Dept Of Defense - 19 upvotes, $0
  208. Unauthenticated Users Can Access Other Users’ Bug Report Attachments via Broken Access Control to U.S. Dept Of Defense - 19 upvotes, $0
  209. Partial SSN exposed through Presentation slides on ██████████ to U.S. Dept Of Defense - 18 upvotes, $0
  210. Subdomain takeover of ████ to U.S. Dept Of Defense - 18 upvotes, $0
  211. ███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 18 upvotes, $0
  212. XSS Reflect to POST █████ to U.S. Dept Of Defense - 18 upvotes, $0
  213. IDOR to U.S. Dept Of Defense - 18 upvotes, $0
  214. RCE on ███████ [CVE-2021-26084] to U.S. Dept Of Defense - 18 upvotes, $0
  215. Reflective Cross Site Scripting (XSS) on ███████/Pages to U.S. Dept Of Defense - 18 upvotes, $0
  216. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  217. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  218. Remote Code Execution (RCE) in DoD Websites to U.S. Dept Of Defense - 17 upvotes, $0
  219. PII leakage due to scrceenshot of health records to U.S. Dept Of Defense - 17 upvotes, $0
  220. Self XSS combine CSRF at https://████████/index.php to U.S. Dept Of Defense - 17 upvotes, $0
  221. Remote Code Execution via CVE-2019-18935 to U.S. Dept Of Defense - 17 upvotes, $0
  222. CSRF to account takeover in https://███████.mil/ to U.S. Dept Of Defense - 17 upvotes, $0
  223. ███ on https://████ enable ███ scraping, injection, stored XSS to U.S. Dept Of Defense - 17 upvotes, $0
  224. RXSS - https://████████/ to U.S. Dept Of Defense - 17 upvotes, $0
  225. SQL injection at [█████████] [HtUS] to U.S. Dept Of Defense - 17 upvotes, $0
  226. IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/ to U.S. Dept Of Defense - 17 upvotes, $0
  227. [CVE-2018-0296] Cisco VPN path traversal on the https://███ (████████████████) to U.S. Dept Of Defense - 17 upvotes, $0
  228. Unauth IDOR to mass account takeover without user interaction on the ███████ (https://███████.edu/) to U.S. Dept Of Defense - 17 upvotes, $0
  229. CSRF to ATO at https://█████/user/account [HtUS] to U.S. Dept Of Defense - 16 upvotes, $500
  230. Blind stored XSS due to insecure contact form at https://█████.mil leads to leakage of session token and to U.S. Dept Of Defense - 16 upvotes, $0
  231. Old Session Does Not Expires After Password Change to U.S. Dept Of Defense - 16 upvotes, $0
  232. Reflected XSS on https://█████████/ to U.S. Dept Of Defense - 16 upvotes, $0
  233. XSS via X-Forwarded-Host header to U.S. Dept Of Defense - 16 upvotes, $0
  234. Expired SSL Certificate allows credentials steal to U.S. Dept Of Defense - 16 upvotes, $0
  235. Arbitrary File Read at ███ via filename parameter to U.S. Dept Of Defense - 16 upvotes, $0
  236. reflected xss in www.████████.gov to U.S. Dept Of Defense - 16 upvotes, $0
  237. [CVE-2018-0296] Cisco VPN path traversal on the https://██████████ to U.S. Dept Of Defense - 16 upvotes, $0
  238. HTML Injection into https://www.██████.mil to U.S. Dept Of Defense - 16 upvotes, $0
  239. Blind SQL injection on ████████ to U.S. Dept Of Defense - 15 upvotes, $0
  240. XSS on www.██████ alerts and a number of other pages to U.S. Dept Of Defense - 15 upvotes, $0
  241. [█████] — DOM-based XSS on endpoint /?s= to U.S. Dept Of Defense - 15 upvotes, $0
  242. Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 15 upvotes, $0
  243. No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service to U.S. Dept Of Defense - 15 upvotes, $0
  244. Exposed Docker Registry at https://████ to U.S. Dept Of Defense - 15 upvotes, $0
  245. Sensitive information about a ██████ to U.S. Dept Of Defense - 15 upvotes, $0
  246. IDOR + Account Takeover [UNAUTHENTICATED] to U.S. Dept Of Defense - 15 upvotes, $0
  247. Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak to U.S. Dept Of Defense - 15 upvotes, $0
  248. Unauth RCE on Jenkins Instance at https://█████████/ to U.S. Dept Of Defense - 15 upvotes, $0
  249. Administration Authentication Bypass on https://█████ to U.S. Dept Of Defense - 15 upvotes, $0
  250. CSRF in https://███ to U.S. Dept Of Defense - 15 upvotes, $0
  251. Subdomain takeover [████████] to U.S. Dept Of Defense - 15 upvotes, $0
  252. phpinfo() disclosure info to U.S. Dept Of Defense - 15 upvotes, $0
  253. Broken Authentication to U.S. Dept Of Defense - 15 upvotes, $0
  254. [█████] Bug Reports allow for Unrestricted File Upload to U.S. Dept Of Defense - 15 upvotes, $0
  255. CSRF to delete accounts [HtUS] to U.S. Dept Of Defense - 15 upvotes, $0
  256. Elasticsearch is currently open without authentication on https://██████l to U.S. Dept Of Defense - 15 upvotes, $0
  257. DBMS information getting exposed publicly on -- [ ██████████ ] to U.S. Dept Of Defense - 15 upvotes, $0
  258. IDOR Exposes PII of Tens of Thousands of Users and Supervisors to U.S. Dept Of Defense - 15 upvotes, $0
  259. CVE-2025-4123 — Grafana Open Redirect → Stored XSS → SSRF (Full Read) at ██████ to U.S. Dept Of Defense - 15 upvotes, $0
  260. 2FA Bypass via Response Manipulation on Login Page to U.S. Dept Of Defense - 15 upvotes, $0
  261. Reflected XSS Vulnerability in SSL VPN Endpoint — CVE-2025-0133 to U.S. Dept Of Defense - 15 upvotes, $0
  262. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 14 upvotes, $0
  263. Blind SQLi vulnerability in a DoD Website to U.S. Dept Of Defense - 14 upvotes, $0
  264. [Critical] Full local fylesystem access (LFI/LFD) as admin via Path Traversal in the misconfigured Java servlet on the https://███/ to U.S. Dept Of Defense - 14 upvotes, $0
  265. Open FTP server on a DoD system to U.S. Dept Of Defense - 14 upvotes, $0
  266. PII leakage due to caching of Order/Contract ID's on █████████ to U.S. Dept Of Defense - 14 upvotes, $0
  267. PII leakage-Full SSN on ███ to U.S. Dept Of Defense - 14 upvotes, $0
  268. SSN leak due to editable slides to U.S. Dept Of Defense - 14 upvotes, $0
  269. Unrestricted File Upload Leads to XSS & Potential RCE to U.S. Dept Of Defense - 14 upvotes, $0
  270. (CORS) Cross-origin resource sharing misconfiguration to U.S. Dept Of Defense - 14 upvotes, $0
  271. CORS misconfiguration which leads to the disclosure to U.S. Dept Of Defense - 14 upvotes, $0
  272. [SQLI ]Time Bassed Injection at ██████████ via /██████/library.php?c=G14 parameter to U.S. Dept Of Defense - 14 upvotes, $0
  273. CSRF to Stored HTML injection at https://www.█████ to U.S. Dept Of Defense - 14 upvotes, $0
  274. DOM Based XSS on https://████ via backURL param to U.S. Dept Of Defense - 14 upvotes, $0
  275. Reflected XSS through ClickJacking to U.S. Dept Of Defense - 14 upvotes, $0
  276. Unauthenticated Access to Admin Panel Functions at https://███████/███ to U.S. Dept Of Defense - 14 upvotes, $0
  277. [Urgent] Critical Vulnerability [RCE] on ███ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635 to U.S. Dept Of Defense - 14 upvotes, $0
  278. Account takeover on ███████ [HtUS] to U.S. Dept Of Defense - 14 upvotes, $0
  279. xss on reset password page to U.S. Dept Of Defense - 14 upvotes, $0
  280. Sql Injection At █████████ to U.S. Dept Of Defense - 14 upvotes, $0
  281. [U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions to U.S. Dept Of Defense - 14 upvotes, $0
  282. AWS Credentials Disclosure at ███ to U.S. Dept Of Defense - 14 upvotes, $0
  283. CORS Misconfiguration in https://████████/accounts/login/ to U.S. Dept Of Defense - 14 upvotes, $0
  284. External service interaction ( DNS and HTTP ) in www.████████ to U.S. Dept Of Defense - 14 upvotes, $0
  285. CVE-2023-26347 in https://████.mil/hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true to U.S. Dept Of Defense - 14 upvotes, $0
  286. Missing Access Control Allows for User Creation and Privilege Escalation to U.S. Dept Of Defense - 14 upvotes, $0
  287. Information Disclosure via Publicly Accessible Debug Log to U.S. Dept Of Defense - 14 upvotes, $0
  288. Unrestricted File Download / Path Traversal to U.S. Dept Of Defense - 13 upvotes, $0
  289. Arbitary file download vulnerability on a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  290. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  291. SQL injections to U.S. Dept Of Defense - 13 upvotes, $0
  292. http://████/data.json showing users sensitive information via json file to U.S. Dept Of Defense - 13 upvotes, $0
  293. Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) to U.S. Dept Of Defense - 13 upvotes, $0
  294. Previously Compromised PulseSSL VPN Hosts to U.S. Dept Of Defense - 13 upvotes, $0
  295. CSRF to Cross-site Scripting (XSS) to U.S. Dept Of Defense - 13 upvotes, $0
  296. IDOR on https://██████ via POST UID enables database scraping to U.S. Dept Of Defense - 13 upvotes, $0
  297. Insufficient Session Expiration on Adobe Connect | https://█████████ to U.S. Dept Of Defense - 13 upvotes, $0
  298. XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil to U.S. Dept Of Defense - 13 upvotes, $0
  299. Reflected XSS at [████████] to U.S. Dept Of Defense - 13 upvotes, $0
  300. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 13 upvotes, $0
  301. All private support requests to ███████ are being disclosed at https://███████ to U.S. Dept Of Defense - 13 upvotes, $0
  302. CSRF - Delete Account (Urgent) to U.S. Dept Of Defense - 13 upvotes, $0
  303. Full account takeover in ███████ due lack of rate limiting in forgot password to U.S. Dept Of Defense - 13 upvotes, $0
  304. Stored XSS at https://█████ to U.S. Dept Of Defense - 13 upvotes, $0
  305. Reflected cross site scripting in https://███████ to U.S. Dept Of Defense - 13 upvotes, $0
  306. Blind SSRF via image upload URL downloader on https://██████/ to U.S. Dept Of Defense - 13 upvotes, $0
  307. XSS on ( █████████.gov ) Via URL path to U.S. Dept Of Defense - 13 upvotes, $0
  308. Authentication bypass and potential RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 13 upvotes, $0
  309. Unauthenticated access to internal API at██████████.███.edu [HtUS] to U.S. Dept Of Defense - 13 upvotes, $0
  310. GlobalProtect - OS Command Injection #█████████ to U.S. Dept Of Defense - 13 upvotes, $0
  311. DOM Based XSS on an Army website to U.S. Dept Of Defense - 12 upvotes, $0
  312. Path traversal on ████████ to U.S. Dept Of Defense - 12 upvotes, $0
  313. SQL injection on █████ due to tech.cfm to U.S. Dept Of Defense - 12 upvotes, $0
  314. RCE on https://█████/ Using CVE-2017-9248 to U.S. Dept Of Defense - 12 upvotes, $0
  315. SQL Injection in Login Page: https://█████/█████████/login.php to U.S. Dept Of Defense - 12 upvotes, $0
  316. Local File Inclusion In Registration Page to U.S. Dept Of Defense - 12 upvotes, $0
  317. PII Leak of USCG Designated Examiner List at https://www.███ to U.S. Dept Of Defense - 12 upvotes, $0
  318. Blind Stored XSS on ███████ leads to takeover admin account to U.S. Dept Of Defense - 12 upvotes, $0
  319. External Service Interaction (HTTP/DNS) on https://www.███ (██████████ parameter) to U.S. Dept Of Defense - 12 upvotes, $0
  320. Unauthorized access to admin panel of the Questionmark Perception system at https://██████████ to U.S. Dept Of Defense - 12 upvotes, $0
  321. CSRF Based XSS @ https://██████████ to U.S. Dept Of Defense - 12 upvotes, $0
  322. Rxss on █████████ via logout?service=javascript:alert(1) to U.S. Dept Of Defense - 12 upvotes, $0
  323. Unauthorized Access to Internal Server Panel without Authentication to U.S. Dept Of Defense - 12 upvotes, $0
  324. Local file read at https://████/ [HtUS] to U.S. Dept Of Defense - 12 upvotes, $0
  325. Sensitive Data Exposure at https://█████████ to U.S. Dept Of Defense - 12 upvotes, $0
  326. [XSS] Reflected XSS via POST request to U.S. Dept Of Defense - 12 upvotes, $0
  327. AEM misconfiguration leads to Information disclosure to U.S. Dept Of Defense - 12 upvotes, $0
  328. Unauthorized access to Argo dashboard on █████ to U.S. Dept Of Defense - 12 upvotes, $0
  329. Self XSS to U.S. Dept Of Defense - 12 upvotes, $0
  330. Publicly Accessible CDN Endpoint Exposing XML Metadata (including ETag) to U.S. Dept Of Defense - 12 upvotes, $0
  331. Local File Read vulnerability on ██████████ [HtUS] to U.S. Dept Of Defense - 11 upvotes, $500
  332. Authentication bypass vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  333. Reflected cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  334. Local file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  335. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  336. MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass to U.S. Dept Of Defense - 11 upvotes, $0
  337. PII/PHI data available on web https://████████Portals/22/Documents/Meetings to U.S. Dept Of Defense - 11 upvotes, $0
  338. View another user information with IDOR vulnerability to U.S. Dept Of Defense - 11 upvotes, $0
  339. Sensitive Information Leaking Through DoD Owned Website https://www.█████.mil to U.S. Dept Of Defense - 11 upvotes, $0
  340. IDOR leads to Leakage an ██████████ Login Information to U.S. Dept Of Defense - 11 upvotes, $0
  341. Improper Access Control - Generic on https://████ to U.S. Dept Of Defense - 11 upvotes, $0
  342. Path Traversal - [ CVE-2020-3452 ] to U.S. Dept Of Defense - 11 upvotes, $0
  343. https://████ is vulnerable to cve-2020-3452 to U.S. Dept Of Defense - 11 upvotes, $0
  344. Reflected XSS through clickjacking at https://████ to U.S. Dept Of Defense - 11 upvotes, $0
  345. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 11 upvotes, $0
  346. Cache Poisoning leading to denial of service at █████████ - Bypass fix from report #1198434 to U.S. Dept Of Defense - 11 upvotes, $0
  347. Reflected Xss https://██████/ to U.S. Dept Of Defense - 11 upvotes, $0
  348. XSS Reflected - ██████████ to U.S. Dept Of Defense - 11 upvotes, $0
  349. Authorization bypass -> IDOR -> PII Leakage to U.S. Dept Of Defense - 11 upvotes, $0
  350. Broken access control, can lead to legitimate user data loss to U.S. Dept Of Defense - 11 upvotes, $0
  351. SQL Injection on https://████████/ to U.S. Dept Of Defense - 11 upvotes, $0
  352. Full read SSRF at █████████ [HtUS] to U.S. Dept Of Defense - 11 upvotes, $0
  353. .git folder exposed [HtUS] to U.S. Dept Of Defense - 11 upvotes, $0
  354. Authentication Bypass Using Default Credentials on █████ to U.S. Dept Of Defense - 11 upvotes, $0
  355. xmlrpc.php file enabled at ██████.org to U.S. Dept Of Defense - 11 upvotes, $0
  356. Path traversal leads to reading of local files on ███████ and ████ to U.S. Dept Of Defense - 11 upvotes, $0
  357. Adobe ColdFusion Access Control Bypass - CVE-2023-38205 to U.S. Dept Of Defense - 11 upvotes, $0
  358. Unauthenticated arbitrary file upload on the https://█████/ (█████.mil) to U.S. Dept Of Defense - 11 upvotes, $0
  359. Air Force candidate PII + recruitment chat logs accessible via BAC/IDOR on █████████ (very large/significant exposure) to U.S. Dept Of Defense - 11 upvotes, $0
  360. Account Takeover via Unverified Email Change and Improper Session Handling to U.S. Dept Of Defense - 11 upvotes, $0
  361. Cross-Site Scripting via URL on ████████ to U.S. Dept Of Defense - 11 upvotes, $0
  362. Exposed Access Control Data Backup Files on DoD Website to U.S. Dept Of Defense - 10 upvotes, $0
  363. File upload vulnerability on a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  364. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  365. Arbitrary file download vulnerability on a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  366. SSRF in ███████ to U.S. Dept Of Defense - 10 upvotes, $0
  367. Server-Side Request Forgery (SSRF) to U.S. Dept Of Defense - 10 upvotes, $0
  368. [CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc to U.S. Dept Of Defense - 10 upvotes, $0
  369. File Upload Restriction Bypass to U.S. Dept Of Defense - 10 upvotes, $0
  370. CSRF - Modify Company Info to U.S. Dept Of Defense - 10 upvotes, $0
  371. xmlrpc.php file is enabled, which enables an attacker to XSPA, brute-force and even Denial of Service (DoS), in https://████/xmlrpc.php to U.S. Dept Of Defense - 10 upvotes, $0
  372. SharePoint Web Services Exposed to Anonymous Access Users to U.S. Dept Of Defense - 10 upvotes, $0
  373. Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd to U.S. Dept Of Defense - 10 upvotes, $0
  374. SQLi in login form of █████ to U.S. Dept Of Defense - 10 upvotes, $0
  375. Unauthenticated Arbitrary File Deletion ("CVE-2020-3187") in ████████ to U.S. Dept Of Defense - 10 upvotes, $0
  376. Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████ to U.S. Dept Of Defense - 10 upvotes, $0
  377. Reflected XSS on https://████/ (Bypass of #1002977) to U.S. Dept Of Defense - 10 upvotes, $0
  378. Reflected XSS www.█████ search form to U.S. Dept Of Defense - 10 upvotes, $0
  379. Reflected XSS In https://███████ to U.S. Dept Of Defense - 10 upvotes, $0
  380. critical information disclosure to U.S. Dept Of Defense - 10 upvotes, $0
  381. Git repo on https://██████.mil/ discloses API password to U.S. Dept Of Defense - 10 upvotes, $0
  382. Reflected XSS at https://████████/███/... to U.S. Dept Of Defense - 10 upvotes, $0
  383. Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site to U.S. Dept Of Defense - 10 upvotes, $0
  384. Reflected XSS on https://██████ to U.S. Dept Of Defense - 10 upvotes, $0
  385. Reflected XSS to U.S. Dept Of Defense - 10 upvotes, $0
  386. Cross site scripting to U.S. Dept Of Defense - 10 upvotes, $0
  387. AWS subdomain takeover of www.███████ to U.S. Dept Of Defense - 10 upvotes, $0
  388. Reflected XSS on [█████████] to U.S. Dept Of Defense - 10 upvotes, $0
  389. Blind SQL Injection to U.S. Dept Of Defense - 10 upvotes, $0
  390. lfi in filePathDownload parameter via ███████ to U.S. Dept Of Defense - 10 upvotes, $0
  391. The dashboard is exposed in https://███ to U.S. Dept Of Defense - 10 upvotes, $0
  392. insecure gitlab repositories at ████████ [HtUS] to U.S. Dept Of Defense - 10 upvotes, $0
  393. Account Takeover and Information update due to cross site request forgery via POST █████████/registration/my-account.cfm to U.S. Dept Of Defense - 10 upvotes, $0
  394. Found Origin IP's Lead To Access ████ to U.S. Dept Of Defense - 10 upvotes, $0
  395. Authentication bypass leads to Information Disclosure at U.S Air Force "https://███" to U.S. Dept Of Defense - 10 upvotes, $0
  396. Upload and delete files in debug page without access control. to U.S. Dept Of Defense - 10 upvotes, $0
  397. Reflected XSS in ██████ to U.S. Dept Of Defense - 10 upvotes, $0
  398. DoS at █████(CVE-2018-6389) to U.S. Dept Of Defense - 10 upvotes, $0
  399. Email exploitation with web hosting services. to U.S. Dept Of Defense - 10 upvotes, $0
  400. Sensitive Data Exposure via wp-config.php file to U.S. Dept Of Defense - 10 upvotes, $0
  401. Exposed GIT repo on ██████████ [HtUS] to U.S. Dept Of Defense - 10 upvotes, $0
  402. Unauthenticated File Read Adobe ColdFusion to U.S. Dept Of Defense - 10 upvotes, $0
  403. [CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (█████████.mil) to U.S. Dept Of Defense - 10 upvotes, $0
  404. [CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (██████) to U.S. Dept Of Defense - 10 upvotes, $0
  405. [CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (no hostname) to U.S. Dept Of Defense - 10 upvotes, $0
  406. DNN - Unrestricted Arbitrary File Upload #████████ to U.S. Dept Of Defense - 10 upvotes, $0
  407. Cross-Site Scripting via 'autoPlay' parameter to U.S. Dept Of Defense - 10 upvotes, $0
  408. SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  409. Privilege Escalation on a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  410. Reflected XSS on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  411. Personal information disclosure on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  412. Password reset vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  413. Blind SQLi in a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  414. Default credentials on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  415. Server-side include injection vulnerability in a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  416. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  417. Admin panel take over | User info leakage | Mass Compromise to U.S. Dept Of Defense - 9 upvotes, $0
  418. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  419. [█████] Get all tickets (IDOR) to U.S. Dept Of Defense - 9 upvotes, $0
  420. PII Leak via https://████████ to U.S. Dept Of Defense - 9 upvotes, $0
  421. idor on upload profile functionality to U.S. Dept Of Defense - 9 upvotes, $0
  422. Full Account Take-Over of ████████ Members via IDOR to U.S. Dept Of Defense - 9 upvotes, $0
  423. Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform to U.S. Dept Of Defense - 9 upvotes, $0
  424. SSN is exposed on slides, previous critical report was not fixed in an appropriate way to U.S. Dept Of Defense - 9 upvotes, $0
  425. RCE (Remote code execution) in one of DoD's websites to U.S. Dept Of Defense - 9 upvotes, $0
  426. Reflected XSS on ███████ to U.S. Dept Of Defense - 9 upvotes, $0
  427. CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. to U.S. Dept Of Defense - 9 upvotes, $0
  428. Stored XSS via 64(?) vulnerable fields in ███ leads to credential theft/account takeover to U.S. Dept Of Defense - 9 upvotes, $0
  429. XML Injection on https://www.█████████ (███ parameter) to U.S. Dept Of Defense - 9 upvotes, $0
  430. RCE in ██████ subdomain via CVE-2017-1000486 to U.S. Dept Of Defense - 9 upvotes, $0
  431. Elmah.axd is publicly accessible leaking Error Log to U.S. Dept Of Defense - 9 upvotes, $0
  432. SQLi on █████████ to U.S. Dept Of Defense - 9 upvotes, $0
  433. S3 bucket listing/download to U.S. Dept Of Defense - 9 upvotes, $0
  434. Unauthorized access to PII leads to MASS account Takeover to U.S. Dept Of Defense - 9 upvotes, $0
  435. SQL Injection in █████ to U.S. Dept Of Defense - 9 upvotes, $0
  436. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 9 upvotes, $0
  437. stored cross site scripting in https://███ to U.S. Dept Of Defense - 9 upvotes, $0
  438. Unauthenticated phpinfo() files could lead to ability file read at █████████ [HtUS] to U.S. Dept Of Defense - 9 upvotes, $0
  439. Reflected XSS at ████████ to U.S. Dept Of Defense - 9 upvotes, $0
  440. LDAP Server NULL Bind Connection Information Disclosure to U.S. Dept Of Defense - 9 upvotes, $0
  441. [CVE-2018-0296] Cisco VPN path traversal on the https://1████████ (https://████████.███.████████/) to U.S. Dept Of Defense - 9 upvotes, $0
  442. XXE with RCE potential on the https://█████████ (CVE-2017-3548) to U.S. Dept Of Defense - 9 upvotes, $0
  443. Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ██████ to U.S. Dept Of Defense - 9 upvotes, $0
  444. Cross-Site Scripting via 'description_extra' parameter to U.S. Dept Of Defense - 9 upvotes, $0
  445. Cross-Site Scripting via 'RAISED_FUNDS_DESC' parameter to U.S. Dept Of Defense - 9 upvotes, $0
  446. Cross-Site Scripting via 'wikitext' parameter to U.S. Dept Of Defense - 9 upvotes, $0
  447. XSS on ███ to U.S. Dept Of Defense - 9 upvotes, $0
  448. Debug Info disclose to U.S. Dept Of Defense - 9 upvotes, $0
  449. Reflected XSS in a Navy website to U.S. Dept Of Defense - 8 upvotes, $0
  450. Reflected XSS on an Army website to U.S. Dept Of Defense - 8 upvotes, $0
  451. Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
  452. Reflected XSS on a Department of Defense website to U.S. Dept Of Defense - 8 upvotes, $0
  453. Bypass file access control vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  454. XSS on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  455. Reflected XSS on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  456. Remote code execution (RCE) in multiple DoD websites to U.S. Dept Of Defense - 8 upvotes, $0
  457. Remote Code Execution (RCE) vulnerability in a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  458. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  459. Insecure Direct Object Reference (IDOR) vulnerability in a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  460. [Critical] Possibility to takeover any user account #2 without interaction on the https://██████████ to U.S. Dept Of Defense - 8 upvotes, $0
  461. SSRF on ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  462. Critical information disclosure at https://█████████ to U.S. Dept Of Defense - 8 upvotes, $0
  463. [███] SQL injection & Reflected XSS to U.S. Dept Of Defense - 8 upvotes, $0
  464. Unrestricted File Upload to U.S. Dept Of Defense - 8 upvotes, $0
  465. Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE to U.S. Dept Of Defense - 8 upvotes, $0
  466. Code injection host █████████ to U.S. Dept Of Defense - 8 upvotes, $0
  467. Stored XSS via Comment Form at ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  468. Cross Site Scripting (XSS) – Reflected to U.S. Dept Of Defense - 8 upvotes, $0
  469. DOM XSS on https://www.███████ to U.S. Dept Of Defense - 8 upvotes, $0
  470. {███} It is possible to download all information and files via S3 Bucket Misconfiguration to U.S. Dept Of Defense - 8 upvotes, $0
  471. PII Information Leak at https://████████.mil/ to U.S. Dept Of Defense - 8 upvotes, $0
  472. SQL Injection in www.██████████ to U.S. Dept Of Defense - 8 upvotes, $0
  473. CVE 2020 14179 on jira instance to U.S. Dept Of Defense - 8 upvotes, $0
  474. PII Leak via /████████ to U.S. Dept Of Defense - 8 upvotes, $0
  475. SSRF due to CVE-2021-26855 on ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  476. Reflected XSS at www.███████ at /██████████ via the ████████ parameter to U.S. Dept Of Defense - 8 upvotes, $0
  477. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 8 upvotes, $0
  478. Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 8 upvotes, $0
  479. ███████ - XSS - CVE-2020-3580 to U.S. Dept Of Defense - 8 upvotes, $0
  480. Open Akamai ARL XSS at ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  481. Cross-site Scripting (XSS) - Reflected at https://██████████/ to U.S. Dept Of Defense - 8 upvotes, $0
  482. SSRF ACCESS AWS METADATA - █████ to U.S. Dept Of Defense - 8 upvotes, $0
  483. Broken access discloses users and PII at https://███████ [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
  484. IDOR on ███████ [HtUS] to U.S. Dept Of Defense - 8 upvotes, $0
  485. stored cross site scripting in https://██████████ to U.S. Dept Of Defense - 8 upvotes, $0
  486. DoS at ████████ (CVE-2018-6389) to U.S. Dept Of Defense - 8 upvotes, $0
  487. HAProxy stats panel exposed externally to U.S. Dept Of Defense - 8 upvotes, $0
  488. Improper Access Control on Media Wiki allows an attackers to restart installation on DoD asset to U.S. Dept Of Defense - 8 upvotes, $0
  489. Default Credentials on Kinetic Core System Console - https://█████/kinetic/app/ to U.S. Dept Of Defense - 8 upvotes, $0
  490. DOM-XSS to U.S. Dept Of Defense - 8 upvotes, $0
  491. [HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx to U.S. Dept Of Defense - 8 upvotes, $0
  492. SQL Injection in URI Path Leading to Full Database Disclosure on ████████ to U.S. Dept Of Defense - 8 upvotes, $0
  493. SQLi in LASCO CME Query to U.S. Dept Of Defense - 8 upvotes, $0
  494. Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ████ to U.S. Dept Of Defense - 8 upvotes, $0
  495. Cross-Site Scripting via URL on ███████ to U.S. Dept Of Defense - 8 upvotes, $0
  496. Cross-Site Scripting via 'currentImage' parameter to U.S. Dept Of Defense - 8 upvotes, $0
  497. Reflected XSS via user Parameter on getconfig.esp Endpoint to U.S. Dept Of Defense - 8 upvotes, $0
  498. Reflected XSS on a Navy website to U.S. Dept Of Defense - 7 upvotes, $0
  499. Information leakage on a Department of Defense website to U.S. Dept Of Defense - 7 upvotes, $0
  500. QuickTime Promotion on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  501. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  502. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  503. Remote Command Execution on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  504. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  505. Insecure direct object reference vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  506. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  507. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  508. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  509. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  510. Information disclosure on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  511. Violation of secure design principles on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  512. Limited code execution vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  513. X-XSS-Protection -> Misconfiguration to U.S. Dept Of Defense - 7 upvotes, $0
  514. Account takeover due to CSRF in "Account details" option on █████████ to U.S. Dept Of Defense - 7 upvotes, $0
  515. Root Remote Code Execution on https://███ to U.S. Dept Of Defense - 7 upvotes, $0
  516. ██████ Authenticated User Data Disclosure to U.S. Dept Of Defense - 7 upvotes, $0
  517. Information Disclosure (can access all ███s) within ███████ view █████████ Portal to U.S. Dept Of Defense - 7 upvotes, $0
  518. Open FTP on ███ to U.S. Dept Of Defense - 7 upvotes, $0
  519. Exposed ███████ Administrative Interface (ColdFusion 11) to U.S. Dept Of Defense - 7 upvotes, $0
  520. Insecure Direct Object Reference on in-scope .mil website to U.S. Dept Of Defense - 7 upvotes, $0
  521. Admin Salt Leakage on DoD site. to U.S. Dept Of Defense - 7 upvotes, $0
  522. SharePoint exposed web services to U.S. Dept Of Defense - 7 upvotes, $0
  523. LDAP Injection at ██████ to U.S. Dept Of Defense - 7 upvotes, $0
  524. Corda Server XSS ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  525. [████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) to U.S. Dept Of Defense - 7 upvotes, $0
  526. ████ █████ exposes highly sensitive information to public to U.S. Dept Of Defense - 7 upvotes, $0
  527. Null byte Injection in https://████/ to U.S. Dept Of Defense - 7 upvotes, $0
  528. [Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator to U.S. Dept Of Defense - 7 upvotes, $0
  529. External Service Interaction | https://█████████.mil to U.S. Dept Of Defense - 7 upvotes, $0
  530. https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD to U.S. Dept Of Defense - 7 upvotes, $0
  531. hardcoded password stored in javascript of https://████.mil to U.S. Dept Of Defense - 7 upvotes, $0
  532. CSRF to account takeover in https://█████/ to U.S. Dept Of Defense - 7 upvotes, $0
  533. Reflected XSS on https://█████████html?url to U.S. Dept Of Defense - 7 upvotes, $0
  534. ███████mill is vulnerable to cross site request forgery that leads to full account take over. to U.S. Dept Of Defense - 7 upvotes, $0
  535. Bypassed a fix to gain access to PII of more than 100 Officers to U.S. Dept Of Defense - 7 upvotes, $0
  536. Password Cracking - Weak Password Used to Secure ████ Containing a Plaintext Password to U.S. Dept Of Defense - 7 upvotes, $0
  537. Misconfigured AWS S3 bucket leaks sensitive data such as admin, Production, beta, localhost and many more directories.... to U.S. Dept Of Defense - 7 upvotes, $0
  538. Reflected XSS on ███████ to U.S. Dept Of Defense - 7 upvotes, $0
  539. ████████ portal is open to enumeration once authenticated. Session ID's appear static. All PII available once a valid session ID is found. to U.S. Dept Of Defense - 7 upvotes, $0
  540. CVE-2019-3403 on https://████/rest/api/2/user/picker?query= to U.S. Dept Of Defense - 7 upvotes, $0
  541. [www.███] Reflected Cross-Site Scripting to U.S. Dept Of Defense - 7 upvotes, $0
  542. Cache Poisoning leading to Denial of Service on www.█████████ to U.S. Dept Of Defense - 7 upvotes, $0
  543. XSS on ███ to U.S. Dept Of Defense - 7 upvotes, $0
  544. RXSS - ████ to U.S. Dept Of Defense - 7 upvotes, $0
  545. (CORS) Cross-origin resource sharing misconfiguration on https://█████████ to U.S. Dept Of Defense - 7 upvotes, $0
  546. Military name,email,phone,address,certdata Disclosure to U.S. Dept Of Defense - 7 upvotes, $0
  547. Open Akamai ARL XSS at ████████ to U.S. Dept Of Defense - 7 upvotes, $0
  548. SSRF due to CVE-2021-27905 in www.████████ to U.S. Dept Of Defense - 7 upvotes, $0
  549. Reflected XSS via ████████ parameter to U.S. Dept Of Defense - 7 upvotes, $0
  550. Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS] to U.S. Dept Of Defense - 7 upvotes, $0
  551. stored cross site scripting in https://███ to U.S. Dept Of Defense - 7 upvotes, $0
  552. Out-Of-Bounds Memory Read on ███ to U.S. Dept Of Defense - 7 upvotes, $0
  553. [Critical Data Breach] Exposure of PII Data Leak via API Response to U.S. Dept Of Defense - 7 upvotes, $0
  554. SQL Injection via URL to U.S. Dept Of Defense - 7 upvotes, $0
  555. XML E██████ternal Entity (XXE) Injection in ███ to U.S. Dept Of Defense - 7 upvotes, $0
  556. Exposure of Sensitive Debug File Containing database dump with passwords in plain text to U.S. Dept Of Defense - 7 upvotes, $0
  557. Critical PII Data Exposure in ORDER_ERROR_LOG to U.S. Dept Of Defense - 7 upvotes, $0
  558. Cross-Site Scripting (XSS) Vulnerability via parameter c0-id + Akamai Firewall Bypass to U.S. Dept Of Defense - 7 upvotes, $0
  559. Cross-Site Scripting via URL on ███████ to U.S. Dept Of Defense - 7 upvotes, $0
  560. Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ███████ to U.S. Dept Of Defense - 7 upvotes, $0
  561. Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ███████ to U.S. Dept Of Defense - 7 upvotes, $0
  562. Reflected XSS via user Parameter in /ssl-vpn/getconfig.esp to U.S. Dept Of Defense - 7 upvotes, $0
  563. Cross-site request forgery vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  564. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  565. Remote file inclusion vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  566. HTML injection vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  567. Reflected XSS in a DoD Website to U.S. Dept Of Defense - 6 upvotes, $0
  568. Open redirect vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  569. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  570. Arbitrary file download vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  571. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  572. Server Side Request Forgery (SSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  573. https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass to U.S. Dept Of Defense - 6 upvotes, $0
  574. SQL Injection in the get_publications.php on the https://█████ to U.S. Dept Of Defense - 6 upvotes, $0
  575. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  576. Out-of-date Version (Apache) to U.S. Dept Of Defense - 6 upvotes, $0
  577. Default page exposes admin functions and all methods and classes available on https://██████/█████/dwr/index.html to U.S. Dept Of Defense - 6 upvotes, $0
  578. WebLogic Server Side Request Forgery to U.S. Dept Of Defense - 6 upvotes, $0
  579. SharePoint exposed web services to U.S. Dept Of Defense - 6 upvotes, $0
  580. Partial PII leakage due to public set gitlab to U.S. Dept Of Defense - 6 upvotes, $0
  581. [████████] Reflected XSS to U.S. Dept Of Defense - 6 upvotes, $0
  582. Email PII disclosure due to Insecure Password Reset field to U.S. Dept Of Defense - 6 upvotes, $0
  583. ██████████ bruteforceable RIC Codes allowing information on contracts to U.S. Dept Of Defense - 6 upvotes, $0
  584. [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action to U.S. Dept Of Defense - 6 upvotes, $0
  585. [██████████] Unauthorized access to admin panel to U.S. Dept Of Defense - 6 upvotes, $0
  586. Stored XSS at ██████userprofile.aspx to U.S. Dept Of Defense - 6 upvotes, $0
  587. [████] SQL Injections on Referer Header exploitable via Time-Based method to U.S. Dept Of Defense - 6 upvotes, $0
  588. PHP info page disclosure to U.S. Dept Of Defense - 6 upvotes, $0
  589. Stored XSS at https://www.█████████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  590. Insecure ███████ credentials on staging app at ████ leads to application takeover to U.S. Dept Of Defense - 6 upvotes, $0
  591. Register with non accepted email types on https://███████ to U.S. Dept Of Defense - 6 upvotes, $0
  592. Second Order XSS via █████ to U.S. Dept Of Defense - 6 upvotes, $0
  593. Knowledge Base Articles are Globally Modifiable via ██████ to U.S. Dept Of Defense - 6 upvotes, $0
  594. Support incident can be opened for any user via /███████ and PII leak via █████████ field to U.S. Dept Of Defense - 6 upvotes, $0
  595. Information Disclosure(PHPINFO/Credentials) on DoD Asset to U.S. Dept Of Defense - 6 upvotes, $0
  596. CRXDE Lite/CRX is on ██████ exposed that leads to PII disclosure to U.S. Dept Of Defense - 6 upvotes, $0
  597. param allows any external resource to be downloadable | https://████████ to U.S. Dept Of Defense - 6 upvotes, $0
  598. Read-only path traversal (CVE-2020-3452) at https://██████.mil to U.S. Dept Of Defense - 6 upvotes, $0
  599. Reflected XSS on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
  600. Website vulnerable to POODLE (SSLv3) with expired certificate to U.S. Dept Of Defense - 6 upvotes, $0
  601. [█████████] Reflected Cross-Site Scripting Vulnerability to U.S. Dept Of Defense - 6 upvotes, $0
  602. Path traversal on [███] to U.S. Dept Of Defense - 6 upvotes, $0
  603. Reflected XSS at ████ via ██████████= parameter to U.S. Dept Of Defense - 6 upvotes, $0
  604. Reflected XSS at https://█████ via "██████████" parameter to U.S. Dept Of Defense - 6 upvotes, $0
  605. CSRF - Modify User Settings with one click - Account TakeOver to U.S. Dept Of Defense - 6 upvotes, $0
  606. XSS on https://████/ via ███████ parameter to U.S. Dept Of Defense - 6 upvotes, $0
  607. username and password leaked via pptx for █████████ website to U.S. Dept Of Defense - 6 upvotes, $0
  608. [CVE-2020-3452] on ███████ to U.S. Dept Of Defense - 6 upvotes, $0
  609. SQL INJECTION in https://████/██████████ to U.S. Dept Of Defense - 6 upvotes, $0
  610. ██████████ vulnerable to CVE-2022-22954 to U.S. Dept Of Defense - 6 upvotes, $0
  611. CVE-2020-3187 - Unauthenticated Arbitrary File Deletion to U.S. Dept Of Defense - 6 upvotes, $0
  612. RXSS on █████████ to U.S. Dept Of Defense - 6 upvotes, $0
  613. XSS DUE TO CVE-2022-38463 in https://████████ to U.S. Dept Of Defense - 6 upvotes, $0
  614. Open Redirect at █████ to U.S. Dept Of Defense - 6 upvotes, $0
  615. XSS via Client Side Template Injection on www.███/News/Speeches to U.S. Dept Of Defense - 6 upvotes, $0
  616. stored cross site scripting in https://███████ to U.S. Dept Of Defense - 6 upvotes, $0
  617. stored cross site scripting in https://██████████ to U.S. Dept Of Defense - 6 upvotes, $0
  618. stored cross site scripting in https://█████████ to U.S. Dept Of Defense - 6 upvotes, $0
  619. stored cross site scripting in https://███ to U.S. Dept Of Defense - 6 upvotes, $0
  620. Install.php File Exposure on Drupal to U.S. Dept Of Defense - 6 upvotes, $0
  621. Exposed Extremely Sensitive Information in Public ZIP File to U.S. Dept Of Defense - 6 upvotes, $0
  622. Unauthenticated File Read Adobe ColdFusion to U.S. Dept Of Defense - 6 upvotes, $0
  623. SQL Injection - data[account][id] parameter to U.S. Dept Of Defense - 6 upvotes, $0
  624. SQL Injection - JSON 'name' parameter to U.S. Dept Of Defense - 6 upvotes, $0
  625. SQL Injection - entryid parameter in 'formbuilderv2-confirmation.php' to U.S. Dept Of Defense - 6 upvotes, $0
  626. Improper Authentication Allows Making Requests as Other Users to U.S. Dept Of Defense - 6 upvotes, $0
  627. Cross-Site Scripting (XSS) Vulnerability via POST Method + Akamai Firewall Bypass to U.S. Dept Of Defense - 6 upvotes, $0
  628. Error-based blind SQL injection to U.S. Dept Of Defense - 6 upvotes, $0
  629. POST XSS - fields[account][lastname] parameter to U.S. Dept Of Defense - 6 upvotes, $0
  630. POST XSS - fields[account][firstname] parameter to U.S. Dept Of Defense - 6 upvotes, $0
  631. POST XSS - data[account][id] parameter to U.S. Dept Of Defense - 6 upvotes, $0
  632. Cross-Site Scripting via 'return_link_url' parameter to U.S. Dept Of Defense - 6 upvotes, $0
  633. exposed FOUO documents, including Passport information to U.S. Dept Of Defense - 6 upvotes, $0
  634. Cross-Site Scripting via 'EVENT_DESCRIPTION' parameter to U.S. Dept Of Defense - 6 upvotes, $0
  635. Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ██████████ to U.S. Dept Of Defense - 6 upvotes, $0
  636. XSS vulnerability on an Army website to U.S. Dept Of Defense - 5 upvotes, $0
  637. Open Redirect in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  638. Remote command execution (RCE) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  639. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  640. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  641. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  642. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  643. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  644. Reflected cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  645. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  646. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  647. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  648. sql injection on /messagecenter/messagingcenter at https://www.███████/ to U.S. Dept Of Defense - 5 upvotes, $0
  649. Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████ to U.S. Dept Of Defense - 5 upvotes, $0
  650. HTML Injection on ████ to U.S. Dept Of Defense - 5 upvotes, $0
  651. Able to view Backend Database due to improper authentication to U.S. Dept Of Defense - 5 upvotes, $0
  652. Internal IP Address Disclosed to U.S. Dept Of Defense - 5 upvotes, $0
  653. CORS Misconfiguration Leads to Exposing User Data to U.S. Dept Of Defense - 5 upvotes, $0
  654. Reflected XSS and HTML Injection on a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  655. Able to authenticate as administrator by navigating to https://█████/admin/ to U.S. Dept Of Defense - 5 upvotes, $0
  656. SSRF in login page using fetch API exposes victim's IP address to attacker-controlled server to U.S. Dept Of Defense - 5 upvotes, $0
  657. Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak to U.S. Dept Of Defense - 5 upvotes, $0
  658. PII Leak of ████████ Personal at https://www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  659. Improper Access Controls Allow PII Leak via ████ to U.S. Dept Of Defense - 5 upvotes, $0
  660. Arbitrary file upload and stored XSS via ███ support request to U.S. Dept Of Defense - 5 upvotes, $0
  661. Access to requests and approvals via /█████ allows sensitive information gathering to U.S. Dept Of Defense - 5 upvotes, $0
  662. HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] to U.S. Dept Of Defense - 5 upvotes, $0
  663. RXSS - https://███/ to U.S. Dept Of Defense - 5 upvotes, $0
  664. Blind Stored XSS on https://█████████ after filling a request at https://█████ to U.S. Dept Of Defense - 5 upvotes, $0
  665. reflected xss @ www.█████████ to U.S. Dept Of Defense - 5 upvotes, $0
  666. CVE-2021-26855 on ████████ resulting in SSRF to U.S. Dept Of Defense - 5 upvotes, $0
  667. Reflected XSS in https://██████████ via "████████" parameter to U.S. Dept Of Defense - 5 upvotes, $0
  668. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 5 upvotes, $0
  669. Subdomain takeover of ███ to U.S. Dept Of Defense - 5 upvotes, $0
  670. XSS due to CVE-2020-3580 [██████] to U.S. Dept Of Defense - 5 upvotes, $0
  671. Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https://███/ to U.S. Dept Of Defense - 5 upvotes, $0
  672. Reflected XSS [██████] to U.S. Dept Of Defense - 5 upvotes, $0
  673. RXSS on ███████ to U.S. Dept Of Defense - 5 upvotes, $0
  674. IDOR Lead To VIEW & DELETE & Create api_key [HtUS] to U.S. Dept Of Defense - 5 upvotes, $0
  675. Reflected XSS | https://████████ to U.S. Dept Of Defense - 5 upvotes, $0
  676. stored cross site scripting in https://████ to U.S. Dept Of Defense - 5 upvotes, $0
  677. stored cross site scripting in https://███ to U.S. Dept Of Defense - 5 upvotes, $0
  678. Reflected XSS in ██████████ to U.S. Dept Of Defense - 5 upvotes, $0
  679. Reflected XSS in ██████████ to U.S. Dept Of Defense - 5 upvotes, $0
  680. XSS in ServiceNow logout https://████:443 to U.S. Dept Of Defense - 5 upvotes, $0
  681. ASBS viewing other soldiers PII/Board/Board Voters/ETC to U.S. Dept Of Defense - 5 upvotes, $0
  682. Exposed wp-config.php file to U.S. Dept Of Defense - 5 upvotes, $0
  683. Exposed Sensitive PDF: Misconfigured Access Controls Leading to Information Disclosure to U.S. Dept Of Defense - 5 upvotes, $0
  684. POST XSS - data[type] parameter to U.S. Dept Of Defense - 5 upvotes, $0
  685. DNS Misconfiguration to U.S. Dept Of Defense - 4 upvotes, $0
  686. Persistent XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  687. Cross-site scripting vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  688. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  689. Arbitrary Script Injection (Mail) in a DoD Website to U.S. Dept Of Defense - 4 upvotes, $0
  690. Misconfigured user account settings on DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  691. Stored cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  692. HTML Injection/Load Images vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  693. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  694. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  695. Cross-Site Scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  696. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  697. Server side information disclosure on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  698. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  699. Reflected XSS on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  700. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  701. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  702. Cross-site request forgery (CSRF) vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  703. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  704. Information disclosure vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  705. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  706. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  707. SQL injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  708. Reflective XSS vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  709. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  710. Stored cross site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  711. Remote Code Execution (RCE) vulnerability in multiple DoD websites to U.S. Dept Of Defense - 4 upvotes, $0
  712. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  713. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  714. Cross-site scripting (XSS) on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  715. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  716. Remote OS command Execution in the 3 more Oracle Weblogic on the ████████, ████, ███████ [CVE-2017-10352] to U.S. Dept Of Defense - 4 upvotes, $0
  717. https://████████ Impacted by DNN ImageHandler SSRF to U.S. Dept Of Defense - 4 upvotes, $0
  718. Code reversion allowing SQLI again in ███████ to U.S. Dept Of Defense - 4 upvotes, $0
  719. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  720. Attackers can control which security questions they are presented (████████) to U.S. Dept Of Defense - 4 upvotes, $0
  721. SQL injection on https://███████ to U.S. Dept Of Defense - 4 upvotes, $0
  722. Blind SQL Injection on DoD Site to U.S. Dept Of Defense - 4 upvotes, $0
  723. CRLF Injection on ███████ to U.S. Dept Of Defense - 4 upvotes, $0
  724. █████ - DOM-based XSS to U.S. Dept Of Defense - 4 upvotes, $0
  725. [███████] Reflected GET XSS (/mission.php?...&missionDate=*) to U.S. Dept Of Defense - 4 upvotes, $0
  726. █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files to U.S. Dept Of Defense - 4 upvotes, $0
  727. Firewall rules for ████████ can be bypassed to leak site authors to U.S. Dept Of Defense - 4 upvotes, $0
  728. Application level DoS via xmlrpc.php to U.S. Dept Of Defense - 4 upvotes, $0
  729. No ACL on S3 Bucket in [https://www.██████████/] to U.S. Dept Of Defense - 4 upvotes, $0
  730. [████████] — XSS on /███████_flight/images via advanced_val parameter to U.S. Dept Of Defense - 4 upvotes, $0
  731. Unrestricted file upload leads to stored xss on https://████████/ to U.S. Dept Of Defense - 4 upvotes, $0
  732. HTML Injection leads to XSS on ███ to U.S. Dept Of Defense - 4 upvotes, $0
  733. Reflected XSS on https://███████/ to U.S. Dept Of Defense - 4 upvotes, $0
  734. [██████████.mil] Cisco VPN Service Path Traversal to U.S. Dept Of Defense - 4 upvotes, $0
  735. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 4 upvotes, $0
  736. Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert to U.S. Dept Of Defense - 4 upvotes, $0
  737. SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 4 upvotes, $0
  738. Able to log in with default ██████g creds at https█████████████████████.mil to U.S. Dept Of Defense - 4 upvotes, $0
  739. System Error Reveals Sensitive SQL Call Data to U.S. Dept Of Defense - 4 upvotes, $0
  740. Dashboard sharing enables code injection into ████ emails to U.S. Dept Of Defense - 4 upvotes, $0
  741. PII Leak via /███████ to U.S. Dept Of Defense - 4 upvotes, $0
  742. PII Leak via /██████ to U.S. Dept Of Defense - 4 upvotes, $0
  743. Stored XSS through name / last name on https://██████████/ to U.S. Dept Of Defense - 4 upvotes, $0
  744. Self XSS + CSRF Leads to Reflected XSS in https://████/ to U.S. Dept Of Defense - 4 upvotes, $0
  745. Read-only path traversal (CVE-2020-3452) at https://█████ to U.S. Dept Of Defense - 4 upvotes, $0
  746. Read-only path traversal (CVE-2020-3452) at https://████████ to U.S. Dept Of Defense - 4 upvotes, $0
  747. Members Personal Information Leak Due to IDOR to U.S. Dept Of Defense - 4 upvotes, $0
  748. xss on https://███████(█████████ parameter) to U.S. Dept Of Defense - 4 upvotes, $0
  749. [CVE-2021-29156] LDAP Injection at https://██████ to U.S. Dept Of Defense - 4 upvotes, $0
  750. SQL injection located in ███ in POST param ████████ to U.S. Dept Of Defense - 4 upvotes, $0
  751. Wrong settings in ADF Faces leads to information disclosure to U.S. Dept Of Defense - 4 upvotes, $0
  752. ██████████ running a vulnerable log4j to U.S. Dept Of Defense - 4 upvotes, $0
  753. default ████ creds on https://████████ to U.S. Dept Of Defense - 4 upvotes, $0
  754. Reflected XSS at https://█████████ via "███" parameter to U.S. Dept Of Defense - 4 upvotes, $0
  755. XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags to U.S. Dept Of Defense - 4 upvotes, $0
  756. IDOR - Delete Users Saved Projects to U.S. Dept Of Defense - 4 upvotes, $0
  757. CORS Misconfiguration to U.S. Dept Of Defense - 4 upvotes, $0
  758. ███ vulnerable to CVE-2022-22954 to U.S. Dept Of Defense - 4 upvotes, $0
  759. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 4 upvotes, $0
  760. XSS DUE TO CVE-2020-3580 to U.S. Dept Of Defense - 4 upvotes, $0
  761. Reflected XSS [██████] to U.S. Dept Of Defense - 4 upvotes, $0
  762. springboot actuator is leaking internals at ██████████ to U.S. Dept Of Defense - 4 upvotes, $0
  763. Secret Access Key of AWS Firehose Disclosure to U.S. Dept Of Defense - 4 upvotes, $0
  764. ASP.NET Application Trace Enabled to U.S. Dept Of Defense - 4 upvotes, $0
  765. Exposed wp-config.php file in ███ National Guard website to U.S. Dept Of Defense - 4 upvotes, $0
  766. ASBS Analytics Dashboard to U.S. Dept Of Defense - 4 upvotes, $0
  767. Swagger UI Injection via Config URL - ███ to U.S. Dept Of Defense - 4 upvotes, $0
  768. Cross-Site Scripting via 'fname' parameter in ███ to U.S. Dept Of Defense - 4 upvotes, $0
  769. Reflected Cross-Site Scripting (XSS) to U.S. Dept Of Defense - 4 upvotes, $0
  770. Reflected XSS in Telerik.ReportViewer.axd with F5 BIG-IP ASM Bypass on ████ to U.S. Dept Of Defense - 4 upvotes, $0
  771. Server side information disclosure to U.S. Dept Of Defense - 3 upvotes, $0
  772. XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  773. Potentially sensitive information disclosure on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  774. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  775. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  776. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  777. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  778. DOM Based XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  779. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  780. Cross-site request forgery (CSRF) vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  781. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  782. Reflected XSS vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  783. Information disclosure vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  784. Reflected XSS on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  785. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  786. Online training material disclosing username and password to U.S. Dept Of Defense - 3 upvotes, $0
  787. ████████ SQL to U.S. Dept Of Defense - 3 upvotes, $0
  788. Illegal account registration in ████████ to U.S. Dept Of Defense - 3 upvotes, $0
  789. Sensitive Email disclosure Due to Insecure Reactivate Account field to U.S. Dept Of Defense - 3 upvotes, $0
  790. Exposed FTP Credentials on ███████ to U.S. Dept Of Defense - 3 upvotes, $0
  791. █████ - DOM-based XSS to U.S. Dept Of Defense - 3 upvotes, $0
  792. [██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action to U.S. Dept Of Defense - 3 upvotes, $0
  793. Sensitive Information Leaking Through DoD Owned Website. [██████████] to U.S. Dept Of Defense - 3 upvotes, $0
  794. Followup - SQL Injection - https://██████████/██████/MSI.portal to U.S. Dept Of Defense - 3 upvotes, $0
  795. Improper Neutralization of Input During Web Page Generation to U.S. Dept Of Defense - 3 upvotes, $0
  796. Admin Login Credential Leak for DoD Gitlab EE instance to U.S. Dept Of Defense - 3 upvotes, $0
  797. Sensitive Information Leaking Through DARPA Website. [█████████] to U.S. Dept Of Defense - 3 upvotes, $0
  798. Domain Takeover in [███████] to U.S. Dept Of Defense - 3 upvotes, $0
  799. XSS Reflected to U.S. Dept Of Defense - 3 upvotes, $0
  800. Reflected XSS on ███████ page to U.S. Dept Of Defense - 3 upvotes, $0
  801. Reflected XSS in https://███████ via search parameter to U.S. Dept Of Defense - 3 upvotes, $0
  802. PII Leak (such as CAC User ID) at https://████████/pages/login.aspx to U.S. Dept Of Defense - 3 upvotes, $0
  803. POST based RXSS on https://█████ via frm_email parameter to U.S. Dept Of Defense - 3 upvotes, $0
  804. Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
  805. Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 3 upvotes, $0
  806. [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████ to U.S. Dept Of Defense - 3 upvotes, $0
  807. XSS due to CVE-2020-3580 [███.mil] to U.S. Dept Of Defense - 3 upvotes, $0
  808. https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability) to U.S. Dept Of Defense - 3 upvotes, $0
  809. System Error Reveals SQL Information to U.S. Dept Of Defense - 3 upvotes, $0
  810. Reflected XSS in https://███████ via hidden parameter "████████" to U.S. Dept Of Defense - 3 upvotes, $0
  811. Reflected XSS on https://███/████ via hidden parameter "█████████" to U.S. Dept Of Defense - 3 upvotes, $0
  812. Reflected XSS at https://██████/██████████ via "████████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
  813. Reflected XSS at https://██████/██████ via "██████" parameter to U.S. Dept Of Defense - 3 upvotes, $0
  814. CUI Labelled document out in the open to U.S. Dept Of Defense - 3 upvotes, $0
  815. XSS Reflected - ███ to U.S. Dept Of Defense - 3 upvotes, $0
  816. XSS on https://██████/███ via █████ parameter to U.S. Dept Of Defense - 3 upvotes, $0
  817. [www.█████] Path-based reflected Cross Site Scripting to U.S. Dept Of Defense - 3 upvotes, $0
  818. Reflected XSS [███] to U.S. Dept Of Defense - 3 upvotes, $0
  819. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 3 upvotes, $0
  820. RXSS on █████████ to U.S. Dept Of Defense - 3 upvotes, $0
  821. Reflected Xss in [██████] to U.S. Dept Of Defense - 3 upvotes, $0
  822. Directory Traversal at █████ to U.S. Dept Of Defense - 3 upvotes, $0
  823. Unprotected ██████ and Test site API Exposes Documents, Credentials, and Emails in ██████████ Proposal System to U.S. Dept Of Defense - 3 upvotes, $0
  824. [HTA2] Receiving ████ access request on @wearehackerone.com email address to U.S. Dept Of Defense - 3 upvotes, $0
  825. [███] .NET Framework ObjRefs Disclosure (CVE-2024-29059) to U.S. Dept Of Defense - 3 upvotes, $0
  826. Reflected XSS via user parameter on getconfig.esp endpoint to U.S. Dept Of Defense - 3 upvotes, $0
  827. Information disclosure on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  828. Reflected XSS vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  829. Stored XSS vulnerability on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  830. Reflected XSS on a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  831. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  832. 2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 to U.S. Dept Of Defense - 2 upvotes, $0
  833. Multiple cryptographic vulnerabilities in login page on ███████ to U.S. Dept Of Defense - 2 upvotes, $0
  834. █████ - Pre-generation of VIEWSTATE allows CAC bypass to U.S. Dept Of Defense - 2 upvotes, $0
  835. Padding Oracle ms10-070 in a DoD website (https://██████/) to U.S. Dept Of Defense - 2 upvotes, $0
  836. Unencrypted __VIEWSTATE parameter in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  837. Username & password disclosed in readme file in [https://█████████] to U.S. Dept Of Defense - 2 upvotes, $0
  838. Sensitive Information Leaking Through Navy Website. [█████] to U.S. Dept Of Defense - 2 upvotes, $0
  839. Stored XSS on ████████helpdesk to U.S. Dept Of Defense - 2 upvotes, $0
  840. Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil to U.S. Dept Of Defense - 2 upvotes, $0
  841. Reflected XSS - https://███ to U.S. Dept Of Defense - 2 upvotes, $0
  842. [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol! to U.S. Dept Of Defense - 2 upvotes, $0
  843. Sensitive information on ██████████ to U.S. Dept Of Defense - 2 upvotes, $0
  844. XSS due to CVE-2020-3580 [███] to U.S. Dept Of Defense - 2 upvotes, $0
  845. Information disclosure at '████████' --- CVE-2020-14179 to U.S. Dept Of Defense - 2 upvotes, $0
  846. RXSS Via URI Path - https://██████████/ to U.S. Dept Of Defense - 2 upvotes, $0
  847. ███ ████████ running a vulnerable log4j to U.S. Dept Of Defense - 2 upvotes, $0
  848. Reflected XSS at https://██████████/████████ via "███████" parameter to U.S. Dept Of Defense - 2 upvotes, $0
  849. XSS because of Akamai ARL misconfiguration on ████ to U.S. Dept Of Defense - 2 upvotes, $0
  850. CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████ to U.S. Dept Of Defense - 2 upvotes, $0
  851. Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████ to U.S. Dept Of Defense - 2 upvotes, $0
  852. an internal important paths disclosure [HtUS] to U.S. Dept Of Defense - 2 upvotes, $0
  853. STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS] to U.S. Dept Of Defense - 2 upvotes, $0
  854. Reflected XSS | https://████ to U.S. Dept Of Defense - 2 upvotes, $0
  855. Sensitive Images & Files Exposed Through Directory Listing to U.S. Dept Of Defense - 2 upvotes, $0
  856. Cross-site scripting (XSS) vulnerability on a DoD website to U.S. Dept Of Defense - 1 upvotes, $0
  857. SQL injection found in US Navy Website (http://███/) to U.S. Dept Of Defense - 1 upvotes, $0
  858. Access to job creation web page on http://████████ to U.S. Dept Of Defense - 1 upvotes, $0
  859. Content-Injection/XSS ████ to U.S. Dept Of Defense - 1 upvotes, $0
  860. [https://███] Local File Inclusion via graph.php to U.S. Dept Of Defense - 1 upvotes, $0
  861. SQL Injection - https://███/█████████/MSI.portal to U.S. Dept Of Defense - 1 upvotes, $0
  862. Publicly accessible Grafana install allows pivoting to Prometheus datasource to U.S. Dept Of Defense - 1 upvotes, $0
  863. [██████████] — Directory traversal via /aerosol-bin/███████/display_directory_████_t.cgi to U.S. Dept Of Defense - 1 upvotes, $0
  864. PulseSSL VPN Site with Compromised Creds @ ████ to U.S. Dept Of Defense - 1 upvotes, $0
  865. https://█████ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability to U.S. Dept Of Defense - 1 upvotes, $0
  866. Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 to U.S. Dept Of Defense - 1 upvotes, $0
  867. SharePoint Web Services Exposed to Anonymous Access to U.S. Dept Of Defense - 1 upvotes, $0
  868. Reflected XSS on https://█████ to U.S. Dept Of Defense - 1 upvotes, $0
  869. xss reflected on https://███████- (███ parameters) to U.S. Dept Of Defense - 1 upvotes, $0
  870. XSS Reflected on https://███ (███ parameter) to U.S. Dept Of Defense - 1 upvotes, $0
  871. CUI labeled and ████ and ██████ Restricted ██████ intelligence to U.S. Dept Of Defense - 1 upvotes, $0
  872. [CVE-2020-3452] Unauthenticated file read in Cisco ASA to U.S. Dept Of Defense - 1 upvotes, $0
  873. RXSS ON https://██████████ to U.S. Dept Of Defense - 1 upvotes, $0
  874. Reflected XSS - in Email Input to U.S. Dept Of Defense - 1 upvotes, $0
  875. Arbitrary File Deletion (CVE-2020-3187) on ████████ to U.S. Dept Of Defense - 1 upvotes, $0
  876. CVE-2020-3452 on https://█████/ to U.S. Dept Of Defense - 1 upvotes, $0
  877. XSS on https://███████/██████████ parameter to U.S. Dept Of Defense - 1 upvotes, $0
  878. XSS on https://████████/████' parameter to U.S. Dept Of Defense - 1 upvotes, $0
  879. ██████_log4j - https://██████ to U.S. Dept Of Defense - 1 upvotes, $0
  880. solr_log4j - http://██████████ to U.S. Dept Of Defense - 1 upvotes, $0
  881. Two Error-Based SQLi in courses.aspx on ██████████ to U.S. Dept Of Defense - 0 upvotes, $0
  882. Sensitive information on '████████' to U.S. Dept Of Defense - 0 upvotes, $0
  883. CUI labeled and ████ Restricted pdf on █████ to U.S. Dept Of Defense - 0 upvotes, $0
  884. Access to administrative resources/account via path traversal to U.S. Dept Of Defense - 0 upvotes, $0