U.S. Dept Of Defense - HackerOne Reports
Total Reports: 829
Critical: 168
High: 211
Medium: 378
Low: 63

Sensitive information on '████████'
Reported by: 3mm3 | Disclosed:
Severity: Medium
Weakness: Cleartext Storage of Sensitive Information

Exposed Docker Registry at https://████
Reported by: phibz | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic

CSRF Attack leads to delete album at ████████
Reported by: prakhar0x01 | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

Reflected XSS at https://█████ via "██████████" parameter
Reported by: pelegn | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Reflected XSS at https://██████/██████████ via "████████" parameter
Reported by: pelegn | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Reflected XSS at https://██████/██████ via "██████" parameter
Reported by: pelegn | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Subdomain takeover of █████████
Reported by: martinvw | Disclosed:
Severity: Critical
Weakness: Security Through Obscurity

Critical information disclosure at https://█████████
Reported by: juliocesar | Disclosed:
Severity: Medium
Weakness: Information Disclosure

SQL injection vulnerability on a DoD website
Reported by: vag_mour | Disclosed:
Severity: High
Weakness: SQL Injection

Remote Code Execution (RCE) in a DoD website
Reported by: joaomatosf | Disclosed:
Severity: Critical
Weakness: Deserialization of Untrusted Data
CVEs: CVE-2017-10366

Remote Code Execution (RCE) in a DoD website
Reported by: joaomatosf | Disclosed:
Severity: Critical
Weakness: Deserialization of Untrusted Data
CVEs: CVE-2017-10366

Information disclosure vulnerability on a DoD website
Reported by: jon_bottarini | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic

xmlrpc.php file enabled at ██████.org
Reported by: iam_a_jinchuriki | Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles

Corda Server XSS ████████
Reported by: alyssa_herrera | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

PII leakage due to caching of Order/Contract ID's on █████████
Reported by: alyssa_herrera | Disclosed:
Severity: High
Weakness: Information Disclosure

Cross Site Scripting
Reported by: prakhar0x01 | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Email Takeover leads to permanent account deletion
Reported by: prakhar0x01 | Disclosed:
Severity: High
Weakness: Insecure Direct Object Reference (IDOR)

[Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator
Reported by: hunt4p1zza | Disclosed:
Severity: Critical
Weakness: Improper Access Control - Generic

Privilege Escalation on a DoD Website
Reported by: vag_mour | Disclosed:
Severity: Critical
Weakness: Privilege Escalation

Authentication Bypass Using Default Credentials on █████
Reported by: hack3ron___1 | Disclosed:
Severity: Critical
Weakness: Improper Authentication - Generic