U.S. General Services Administration - HackerOne Reports
17 Total Reports: 3 Critical, 6 High, 4 Medium, 3 Low (one report below carries no severity rating)
PHP info page disclosure
Reported by: valluvarsploit_h1 | Disclosed: | Severity: Low | Weakness: Information Disclosure
IDOR at training.smartpay.gsa.gov/reports/quizzes-taken-by-user
Reported by: alihassam95 | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)
TAMS registration details API for admins open at https://tamsapi.gsa.gov/user/tams/api/usermgmnt/pendingUserDetails/
Reported by: skarsom | Disclosed: | Severity: High | Weakness: Insecure Direct Object Reference (IDOR)
Account takeover through multistage CSRF at https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer and ../AutoChoice/changePwOktaAnswer
Reported by: rptl | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)
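The entry above names only the class: a multistage flow whose state-changing steps can each be forged cross-site. The following is an added illustration written for this page, not code from the application in the report (whose mechanics are not described here). The two-step flow (set a recovery answer, then change the password with it), the session model and the request shape are assumptions.

```python
"""Added example: session-bound CSRF tokens on a multistage account flow.

Generic illustration written for this page; it is not code from the
application in the report above. The two-step flow, the session model
and the request dictionaries are assumptions.
"""
import hmac
import secrets


class Session:
    """Cookie-backed session; the browser attaches it to every request,
    including ones a third-party page triggers."""

    def __init__(self, user):
        self.user = user
        self.csrf_token = secrets.token_hex(16)  # readable only by same-origin pages


class App:
    def __init__(self):
        self.answers = {}    # user -> recovery-question answer
        self.passwords = {}  # user -> password

    def _set_answer(self, session, request):
        self.answers[session.user] = request["answer"]
        return True

    def _set_password(self, session, request):
        if request["answer"] != self.answers.get(session.user):
            return False
        self.passwords[session.user] = request["new_password"]
        return True

    # Weak endpoints: authenticated by the session cookie alone, so a form
    # auto-submitted from any site the victim visits while logged in is
    # accepted, and the attacker can chain step 1 into step 2.
    def change_answer_vulnerable(self, session, request):
        return self._set_answer(session, request)

    def change_password_vulnerable(self, session, request):
        return self._set_password(session, request)

    # Hardened endpoints: every state-changing step also requires the token
    # bound to the session, so the first forged request already fails.
    def _token_ok(self, session, request):
        return hmac.compare_digest(request.get("csrf_token", ""), session.csrf_token)

    def change_answer(self, session, request):
        if not self._token_ok(session, request):
            return False
        return self._set_answer(session, request)

    def change_password(self, session, request):
        if not self._token_ok(session, request):
            return False
        return self._set_password(session, request)


def cross_site_attack(app, victim_session, hardened):
    """Forged requests ride the victim's session but carry no token, since
    the attacker's origin cannot read it. Returns whether the password
    was changed."""
    step1 = {"answer": "attacker-chosen"}
    step2 = {"answer": "attacker-chosen", "new_password": "attacker-pw"}
    if hardened:
        app.change_answer(victim_session, step1)
        return app.change_password(victim_session, step2)
    app.change_answer_vulnerable(victim_session, step1)
    return app.change_password_vulnerable(victim_session, step2)


def legitimate_change(app, session, answer, new_password):
    """Same-origin client includes the token it read from the page."""
    tok = session.csrf_token
    app.change_answer(session, {"answer": answer, "csrf_token": tok})
    return app.change_password(
        session, {"answer": answer, "new_password": new_password, "csrf_token": tok}
    )
```

The point of the hardened variant is that each step is protected on its own; splitting an account-recovery flow into several requests does not substitute for a per-request token, because a cross-site page can issue the requests in sequence just as a legitimate client would.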
Read Other Users Reports Through Cloning
Reported by: imthatt | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)
CRLF INJECTION
Reported by: amannnnnnnnnnnnnnn | Disclosed: | Severity: Low
Web Cache Poisoning leading to DoS
Reported by: letm3through | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption
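The entry above names the class only. As an added simulation written for this page, not code from the application in the report (whose details are not on this page), the following shows the mechanism behind a cache-poisoning denial of service: the origin reacts to a request header the shared cache does not include in its key, one request makes the origin return an error, and the cache then serves that error to everyone asking for the same path. The origin's behaviour, the header name and the size limit are assumptions.

```python
"""Added example: web cache poisoning used as a denial of service.

Generic simulation written for this page; it does not describe the
application in the report above. The origin's behaviour, the unkeyed
header name and the size limit are assumptions.
"""
from collections import namedtuple

Response = namedtuple("Response", ["status", "body"])

MAX_HEADER_LEN = 1024  # assumed per-header limit enforced by the origin


def origin(path, headers):
    """Assumed origin: it inspects a header the cache does not key on and
    answers 400 when that header is oversized."""
    forwarded_host = headers.get("X-Forwarded-Host", "")
    if len(forwarded_host) > MAX_HEADER_LEN:
        return Response(400, "Bad Request: header too long")
    return Response(200, "page for " + path)


class Cache:
    """Minimal shared cache in front of origin().

    cache_errors: whether non-200 responses are stored (the weak setting).
    keyed_headers: request headers folded into the cache key; leaving out
    the header the origin reacts to is what makes poisoning possible.
    """

    def __init__(self, cache_errors, keyed_headers=()):
        self.store = {}
        self.cache_errors = cache_errors
        self.keyed_headers = tuple(keyed_headers)

    def key(self, path, headers):
        return (path,) + tuple(headers.get(h, "") for h in self.keyed_headers)

    def get(self, path, headers):
        k = self.key(path, headers)
        if k in self.store:
            return self.store[k]
        resp = origin(path, headers)
        if resp.status == 200 or self.cache_errors:
            self.store[k] = resp
        return resp


def poison_then_fetch(cache, path="/"):
    """One attacker request that makes the origin fail, then a normal
    request for the same path. Returns the status the normal user sees."""
    attacker_headers = {"X-Forwarded-Host": "a" * (MAX_HEADER_LEN + 1)}
    cache.get(path, attacker_headers)
    return cache.get(path, {}).status


if __name__ == "__main__":
    print("errors cached, header unkeyed:", poison_then_fetch(Cache(True)))
    print("errors not cached:", poison_then_fetch(Cache(False)))
    print("header keyed:", poison_then_fetch(Cache(True, ["X-Forwarded-Host"])))
```

Either fix on its own breaks the attack: refusing to store error responses, or adding the header the origin reacts to into the cache key. In practice both are wanted, since an attacker may find a second unkeyed input that produces a cacheable 200 with broken content rather than an error.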
e-mail verification bypass through interception & modification of response status
Reported by: rptl | Disclosed: | Weakness: Violation of Secure Design Principles
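The title above describes the class: the client decides that verification succeeded from a response an intercepting proxy can rewrite, and a later step trusts that decision. The following is an added illustration written for this page, not code from the application in the report (its details are not on this page). The account model, the step names and the way tampering is simulated are assumptions.

```python
"""Added example: e-mail verification enforced server-side versus trusted
from the client.

Generic illustration written for this page; it is not code from the
application in the report above. The account model, the step names and
the tampering simulation are assumptions.
"""
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    email: str
    code: str            # one-time code sent to the address
    verified: bool = False
    active: bool = False


class Server:
    def __init__(self):
        self.accounts = {}

    def register(self, email):
        code = "%06d" % secrets.randbelow(10 ** 6)
        self.accounts[email] = Account(email, code)
        return code      # stands in for e-mail delivery in this example

    def verify(self, email, code):
        """Step 1: check the code and record the outcome server-side."""
        acct = self.accounts[email]
        if secrets.compare_digest(code, acct.code):
            acct.verified = True
            return {"status": 200, "verified": True}
        return {"status": 400, "verified": False}

    def activate_vulnerable(self, email, client_says_verified):
        """Step 2, weak: trusts a flag the client derived from the verify
        response, which an intercepting proxy can rewrite."""
        acct = self.accounts[email]
        if client_says_verified:
            acct.active = True
        return acct.active

    def activate(self, email):
        """Step 2, hardened: consults only the server's own record."""
        acct = self.accounts[email]
        if acct.verified:
            acct.active = True
        return acct.active


def client_flow(server, email, code, tamper_response, hardened):
    """Client submits a code and proceeds on a 200. With tamper_response the
    verify response is rewritten to a success before the client reads it,
    as an intercepting proxy would. Returns whether the account ended up
    active."""
    resp = server.verify(email, code)
    if tamper_response:
        resp = {"status": 200, "verified": True}
    if resp["status"] != 200:
        return False
    if hardened:
        return server.activate(email)
    return server.activate_vulnerable(email, resp["verified"])
```

Rewriting the response status changes only what the client believes; it cannot change the server's record. The bypass exists when a later server-side step acts on the client's belief (a flag, a hidden field, or simply the fact that the client reached the next screen) rather than on that record.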
Unauthorized access to employee panel with default credentials.
Reported by: 7azimo | Disclosed: | Severity: High | Weakness: Authentication Bypass Using an Alternate Path or Channel
[Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users
Reported by: alexandrio | Disclosed: | Severity: Critical | Weakness: Improper Authorization
Path Traversal on meetcqpub1.gsa.gov allows attackers to see arbitrary file listings.
Reported by: 0x0luke | Disclosed: | Severity: Low | Weakness: Path Traversal
IDOR at https://demo.sftool.gov/TwsHome/ScorecardManage/ via scorecard name
Reported by: imthatt | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic
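Several entries on this page (the IDORs at training.smartpay.gsa.gov, tamsapi.gsa.gov and demo.sftool.gov, the report cloning issue, and the tmss.gsa.gov improper-authorization finding) share one root cause: a lookup keyed only on a caller-supplied identifier, with no check that the caller may see that object or hold that role. The following is an added, generic illustration written for this page, not code from any of those applications (their details are not on this page). The record types, the role model and the constructed sample records are assumptions; the name-keyed lookup mirrors the "via scorecard name" wording above, since an IDOR does not require numeric ids.

```python
"""Added example: object-level authorization, the check whose absence is an
IDOR.

Generic illustration written for this page; it is not code from any of the
applications in the reports above. The record types, the role model and
the sample records are assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    user_id: int
    roles: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class Scorecard:
    name: str        # looked up by a caller-supplied name, not a numeric id
    owner_id: int
    body: str


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


# Constructed sample data: two users' records in one shared table, plus an
# admin-only list of pending registrations.
SCORECARDS = {
    "fy-q1-facilities": Scorecard("fy-q1-facilities", owner_id=1, body="alice's card"),
    "fy-q1-fleet": Scorecard("fy-q1-fleet", owner_id=2, body="bob's card"),
}
PENDING_REGISTRATIONS = [{"email": "c@example.test"}, {"email": "d@example.test"}]


def get_scorecard_vulnerable(name):
    """Looks the record up by the supplied name alone. Any authenticated
    user who knows or guesses another user's name gets that record."""
    try:
        return SCORECARDS[name]
    except KeyError:
        raise NotFound(name)


def get_scorecard(current_user, name):
    """Scopes the lookup to the caller. A record owned by someone else is
    reported exactly like a missing one, so names cannot be enumerated
    through the error message."""
    card = SCORECARDS.get(name)
    if card is None or card.owner_id != current_user.user_id:
        raise NotFound(name)
    return card


def list_pending_registrations(current_user):
    """Admin-only data: enforce the role on the API itself rather than by
    hiding the link from non-admin pages."""
    if "admin" not in current_user.roles:
        raise Forbidden("admin role required")
    return list(PENDING_REGISTRATIONS)
```

In a real application the ownership condition belongs in the query (for example a WHERE clause on the owner column) so that it cannot be forgotten on a new endpoint, and the role check belongs in a layer every route passes through rather than in the UI that links to the route.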
Registered users contact information disclosure on salesforce lightning endpoint https://disposal.gsa.gov
Reported by: rptl | Disclosed: | Severity: High | Weakness: Information Disclosure
Weak password policy leading to exposure of administrator account access
Reported by: rptl | Disclosed: | Severity: Critical | Weakness: Misconfiguration
Account takeover leading to PII chained with stored XSS
Reported by: imthatt | Disclosed: | Severity: High | Weakness: Improper Authentication - Generic
User information disclosed via API
Reported by: toormund | Disclosed: | Severity: High | Weakness: Information Disclosure
access nagios dashboard using default credentials in omon1.fpki.gov, 3.220.248.203
Reported by: ahmed0x0mahmoud | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic