U.S. Dept Of Defense - HackerOne Reports
Total Reports: 826
Critical: 167
High: 211
Medium: 376
Low: 63
SQL injection vulnerability on a DoD website
Reported by: vag_mour
Disclosed:
High
Weakness: SQL Injection
Information disclosure vulnerability on a DoD website
Reported by: jon_bottarini
Disclosed:
Medium
Weakness: Improper Authentication - Generic
Remote Code Execution (RCE) in a DoD website
Reported by: joaomatosf
Disclosed:
Critical
Weakness: Deserialization of Untrusted Data
CVEs:
CVE-2017-10366
Remote Code Execution (RCE) in a DoD website
Reported by: joaomatosf
Disclosed:
Critical
Weakness: Deserialization of Untrusted Data
CVEs:
CVE-2017-10366
Remote Code Execution (RCE) in a DoD website
Reported by: joaomatosf
Disclosed:
Critical
Weakness: Deserialization of Untrusted Data
Remote Code Execution (RCE) in a DoD website
Reported by: joaomatosf
Disclosed:
Critical
Weakness: Deserialization of Untrusted Data
CVEs:
CVE-2017-10366
xmlrpc.php file enabled at ██████.org
Reported by: iam_a_jinchuriki
Disclosed:
Medium
Weakness: Violation of Secure Design Principles
Corda Server XSS ████████
Reported by: alyssa_herrera
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
PII leakage due to caching of Order/Contract ID's on █████████
Reported by: alyssa_herrera
Disclosed:
High
Weakness: Information Disclosure
Cross Site Scripting
Reported by: prakhar0x01
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Email Takeover leads to permanent account deletion
Reported by: prakhar0x01
Disclosed:
High
Weakness: Insecure Direct Object Reference (IDOR)
[Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator
Reported by: hunt4p1zza
Disclosed:
Critical
Weakness: Improper Access Control - Generic
Able to authenticate as administrator by navigating to https://█████/admin/
Reported by: nagli
Disclosed:
High
Weakness: Improper Authentication - Generic
CRLF Injection on ███████
Reported by: twicedi
Disclosed:
Medium
Weakness: CRLF Injection
Missing Access Control Allows for User Creation and Privilege Escalation
Reported by: bulldawg
Disclosed:
High
Weakness: Improper Access Control - Generic
Unauthorized Access Exposing Sensitive Data
Reported by: moha1sd
Disclosed:
High
Weakness: Improper Authentication - Generic
Reflected XSS on [█████████]
Reported by: saajanbhujel
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
HTML Injection on ████
Reported by: akaki
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
Reflected XSS vulnerability on a DoD website
Reported by: mantis
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
authentication bypass
Reported by: xandsz
Disclosed:
Medium
Weakness: Improper Authentication - Generic