U.S. Dept Of Defense - HackerOne Reports
View on HackerOne826
Total Reports
167
Critical
211
High
376
Medium
63
Low
Git repo on https://██████.mil/ discloses API password
Reported by:
al-madjus
|
Disclosed:
High
Weakness: Password in Configuration File
Cross-site request forgery (CSRF) vulnerability in a DoD website
Reported by:
mantis
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
LDAP Anonymous Login enabled in ████
Reported by:
shuvam321
|
Disclosed:
High
Weakness: Information Disclosure
Blind Sql Injection in https://█████/qsSearch.aspx
Reported by:
hack0neone
|
Disclosed:
High
Weakness: SQL Injection
Request smuggling on ████████
Reported by:
albinowax
|
Disclosed:
High
Weakness: HTTP Request Smuggling
Exposed Docker Registry at https://████
Reported by:
phibz
|
Disclosed:
High
Weakness: Improper Authentication - Generic
RCE in ██████ subdomain via CVE-2017-1000486
Reported by:
skarsom
|
Disclosed:
High
Weakness: Code Injection
CVEs:
CVE-2017-1000486
Blind Stored XSS on the internal host - █████████████
Reported by:
sp1d3rs
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
[https://███] Local File Inclusion via graph.php
Reported by:
cablej_dds
|
Disclosed:
Medium
Weakness: Path Traversal
SQL injection my method -1 OR 3*2*1=6 AND 000159=000159
Reported by:
lu3ky-13
|
Disclosed:
Medium
Weakness: Code Injection
Cross site scripting
Reported by:
lu3ky-13
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx
Reported by:
mrr0b0t2324
|
Disclosed:
Critical
Weakness: Improper Access Control - Generic
Null byte Injection in https://████/
Reported by:
mohammedadam24
|
Disclosed:
High
Weakness: Improper Null Termination
Reflected XSS at https://█████████ via "███" parameter
Reported by:
pelegn
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS at https://█████ via "██████████" parameter
Reported by:
pelegn
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS at https://██████/██████████ via "████████" parameter
Reported by:
pelegn
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS at https://██████/██████ via "██████" parameter
Reported by:
pelegn
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Subdomain takeover of █████████
Reported by:
martinvw
|
Disclosed:
Critical
Weakness: Security Through Obscurity
Reflected XSS at https://██████████/████████ via "███████" parameter
Reported by:
pelegn
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Critical information disclosure at https://█████████
Reported by:
juliocesar
|
Disclosed:
Medium
Weakness: Information Disclosure
Page 1 of 42
Next