U.S. Dept Of Defense - HackerOne Reports
Total Reports: 826
Critical: 167
High: 211
Medium: 376
Low: 63
Upload and delete files in debug page without access control.
Reported by:
0r10nh4ck
|
Disclosed:
High
Weakness: Improper Access Control - Generic
CSRF leads to Account takeover
Reported by:
br0x1337
|
Disclosed:
High
Weakness: Cross-Site Request Forgery (CSRF)
Sensitive Information Leaking Through DoD Owned Website. [██████████]
Reported by:
rootuser
|
Disclosed:
Critical
Weakness: Insufficiently Protected Credentials
Sensitive data exposure via /secure/███████ endpoint on ████████
Reported by:
njmulsqb
|
Disclosed:
Medium
Weakness: Information Disclosure
CVEs:
CVE-2020-14179
[CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!
Reported by:
whoisbinit
|
Disclosed:
Medium
Weakness: LDAP Injection
CVEs:
CVE-2021-29156
[CVE-2021-29156] LDAP Injection at https://██████
Reported by:
whoisbinit
|
Disclosed:
Medium
Weakness: LDAP Injection
CVEs:
CVE-2021-29156
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████
Reported by:
njmulsqb
|
Disclosed:
Medium
Weakness: Information Disclosure
CVEs:
CVE-2020-14179
Unauth RCE on Jenkins Instance at https://█████████/
Reported by:
brbsainath
|
Disclosed:
Critical
Weakness: OS Command Injection
stored cross site scripting in https://████████.edu
Reported by:
maskedpersian
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
stored cross site scripting in https://████
Reported by:
maskedpersian
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
stored cross site scripting in https://██████████
Reported by:
maskedpersian
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Stored Xss Vulnerability on ████████
Reported by:
ali
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604)
Reported by:
l00ph0le
|
Disclosed:
High
Weakness: OS Command Injection
CVEs:
CVE-2019-0604
IDOR Lead To VIEW & DELETE & Create api_key [HtUS]
Reported by:
bate5a
|
Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
XSS DUE TO CVE-2020-3580
Reported by:
cruxn3t
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
CVEs:
CVE-2020-3580
Publicly accessible Order confirmations leaking User Emails on ███
Reported by:
alyssa_herrera
|
Disclosed:
High
Weakness: Information Disclosure
Able to view Backend Database due to improper authentication
Reported by:
nobody_cares_
|
Disclosed:
Medium
Weakness: Improper Access Control - Generic
Gateway information leakage
Reported by:
hackerfactor
|
Disclosed:
High
Weakness: Privacy Violation
Apache solr RCE via velocity template
Reported by:
khizer47
|
Disclosed:
Critical
Weakness: Code Injection
Remote Code Execution (RCE) in DoD Websites
Reported by:
joaomatosf
|
Disclosed:
Critical
Weakness: Code Injection