U.S. Dept Of Defense - HackerOne Reports
Total Reports: 826
Critical: 167
High: 211
Medium: 376
Low: 63
SQL injection vulnerability on a DoD website
Reported by: 0xd0m7 | Disclosed:
Severity: Medium
Weakness: SQL Injection
Remote command execution (RCE) vulnerability on a DoD website
Reported by: japp1 | Disclosed:
Severity: Critical
Weakness: Code Injection
Unauthenticated Jenkins instance exposed information related to █████
Reported by: ashutosh7 | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
System Error Reveals Sensitive SQL Call Data
Reported by: 5050thepiguy | Disclosed:
Severity: Medium
Weakness: Information Exposure Through Debug Information
Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179
Reported by: lu3ky-13 | Disclosed:
Severity: Medium
Weakness: Information Disclosure
CVEs: CVE-2020-14179
Reflected XSS on ██████.mil
Reported by: alishah | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
CSRF Attack leads to delete album at ████████
Reported by: prakhar0x01 | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak
Reported by: sp1d3rs | Disclosed:
Severity: Critical
Weakness: Insecure Storage of Sensitive Information
CORS misconfiguration which leads to the disclosure
Reported by: blackangel11 | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Authentication bypass and potential RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials
Reported by: sp1d3rs | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials
Reported by: sp1d3rs | Disclosed:
Severity: Critical
Weakness: Improper Authentication - Generic
Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak
Reported by: sp1d3rs | Disclosed:
Severity: Critical
Weakness: Insecure Storage of Sensitive Information
██████████ running a vulnerable log4j
Reported by: alex_gaynor | Disclosed:
Severity: Critical
Weakness: Use of Externally-Controlled Format String
CVEs: CVE-2021-44228
Default Admin Username and Password on █████ Server at █████████mil
Reported by: the_boschko | Disclosed:
Severity: Critical
Weakness: Improper Access Control - Generic
Full Account Take-Over of ████████ Members via IDOR
Reported by: r00tpgp | Disclosed:
Severity: High
Weakness: Insecure Direct Object Reference (IDOR)
Reflected XSS in https://www.██████/
Reported by: nirajgautamit | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
[CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (█████████.mil)
Reported by: sp1d3rs | Disclosed:
Severity: Medium
Weakness: Path Traversal
Bounty: $750.00
CVEs: CVE-2018-0296
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███)
Reported by: sp1d3rs | Disclosed:
Severity: High
Weakness: Path Traversal
Bounty: $2000.00
SharePoint Web Services Exposed to Anonymous Access Users
Reported by: balisong | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Members Personal Information Leak Due to IDOR
Reported by: r00tpgp | Disclosed:
Severity: Medium
Weakness: Information Disclosure