U.S. Dept Of Defense Bug Bounty Program Statistics

U.S. Dept Of Defense Program Statistics

263 total issues disclosed

$8,000 total paid publicly

Most disclosed (42 disclosures) — Cross-site Scripting (XSS) - Generic

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
Expired SSL Certificate allows credentials steal	Violation of Secure Design Principles	dmonsterrr	Medium	2021-11-29
Unauthenticated Access to Admin Panel Functions at https://███████/███	Improper Access Control - Generic	palaziv	Critical	2021-11-29
Unauthenticated Access to Admin Panel Functions at https://██████████/████████	Improper Access Control - Generic	palaziv	Critical	2021-11-29
AWS subdomain takeover of www.███████	Improper Access Control - Generic	al-madjus	High	2021-10-28
RXSS - https://████████/	Cross-site Scripting (XSS) - Reflected	0xelkomy	Medium	2021-10-18
phpinfo() disclosure info	Information Disclosure	0xelkomy	Medium	2021-10-18
Reflected Xss https://██████/	Cross-site Scripting (XSS) - Reflected	0xelkomy	Medium	2021-10-18
RXSS - ████	Cross-site Scripting (XSS) - Reflected	0xelkomy	Medium	2021-10-18
DoD internal documents are leaked to the public	Information Disclosure	mrempy	Medium	2021-10-15
POST based RXSS on https://███████/ via ███ parameter	Cross-site Scripting (XSS) - Reflected	nagli	Medium	2021-10-13
Subdomain takeover [████████]	Privilege Escalation	fdeleite	Critical	2021-10-13
Cache Posioning leading to denial of service at `█████████` - Bypass fix from report #1198434	Denial of Service	brumens	High	2021-10-13
XSS on ███	Cross-site Scripting (XSS) - Reflected	0xelkot	Medium	2021-08-19
S3 bucket listing/download	Improper Access Control - Generic	fdeleite	Medium	2021-08-19
[CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!	LDAP Injection	whoisbinit	Medium	2021-08-19
CUI labled and ████ and ██████ Restricted ██████ intelligence	Information Disclosure	alyssa_herrera	Medium	2021-08-19
XSS due to CVE-2020-3580 [███.mil]	Cross-site Scripting (XSS) - Reflected	fdeleite	Medium	2021-08-19
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)	Code Injection	fdeleite	High	2021-07-29
XSS DUE TO CVE-2020-3580	Cross-site Scripting (XSS) - Reflected	vess_razz	Medium	2021-07-29
xss on https://███████(█████████ parameter)	Cross-site Scripting (XSS) - Reflected	fiveguyslover	Medium	2021-07-29
Cross site scripting	Cross-site Scripting (XSS) - Reflected	lu3ky-13	Medium	2021-07-29
[HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████	Cryptographic Issues - Generic	sp1d3rs	High	2021-07-29
Reflected XSS - https://███	Cross-site Scripting (XSS) - Reflected	fiveguyslover	Medium	2021-07-29
XSS Reflected on https://███ (███ parameter)	Cross-site Scripting (XSS) - Reflected	fiveguyslover	Medium	2021-07-29
xss reflected on https://███████- (███ parameters)	Cross-site Scripting (XSS) - Reflected	fiveguyslover	Medium	2021-07-29
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████	File and Directory Information Exposure	sp1d3rs	Critical	2021-07-29
SQL injection my method -1 OR 321=6 AND 000159=000159	Code Injection	lu3ky-13	Medium	2021-07-29
All private support requests to ███████ are being disclosed at https://███████	Information Disclosure	nagli	High	2021-07-29
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)	Code Injection	fdeleite	High	2021-07-29
SQLi on █████████	SQL Injection	hexagr	High	2021-07-29
XSS DUE TO CVE-2020-3580	Cross-site Scripting (XSS) - Reflected	veshrajghimire	Medium	2021-07-29
Cache Posioning leading do Denial of Service on `www.█████████`	Denial of Service	brumens	High	2021-07-09
Self stored Xss + Login Csrf	Cross-site Scripting (XSS) - Stored	biest	Medium	2021-06-30
IDOR while uploading ████ attachments at [█████████]	Insecure Direct Object Reference (IDOR)	prophet	High	2021-06-30
Reflected XSS at [████████]	Cross-site Scripting (XSS) - Reflected	prophet	Medium	2021-06-30
CSRF Based XSS @ https://██████████	Cross-site Scripting (XSS) - Reflected	nagli	Medium	2021-06-30
Unauthorized access to admin panel of the Questionmark Perception system at https://██████████	Improper Access Control - Generic	qdoan95	Critical	2021-06-30
[www.███] Reflected Cross-Site Scripting	Cross-site Scripting (XSS) - Reflected	celesian	Medium	2021-06-30
[█████████] Reflected Cross-Site Scripting Vulnerability	Cross-site Scripting (XSS) - Reflected	celesian	Medium	2021-06-30
Default Admin Username and Password on █████ Server at █████████mil	Improper Access Control - Generic	the_boschko	Critical	2021-06-15
Web Cache Poisoning on █████	Violation of Secure Design Principles	fr1nge	High	2021-06-03
Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935)	Deserialization of Untrusted Data	un4gi	Critical	2021-06-03
Blind SQL iNJECTION	SQL Injection	1337n0x	Medium	2021-06-03
SharePoint Web Services Exposed to Anonymous Access	Information Disclosure	balisong	Medium	2020-11-24
SharePoint Web Services Exposed to Anonymous Access	Improper Access Control - Generic	balisong	Medium	2020-11-24
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD	Improper Authentication - Generic	themastersunil	Critical	2020-11-23
[SQLI ]Time Bassed Injection at ██████████ via /██████/library.php?c=G14 parameter	SQL Injection	zinminphy00	High	2020-11-23
Reflected XSS on https://████/ (Bypass of #1002977)	Cross-site Scripting (XSS) - Reflected	nagli	Medium	2020-11-23
XSS Reflect to POST █████	Cross-site Scripting (XSS) - Reflected	ofjaaah1	Medium	2020-11-23
CORS misconfiguration which leads to the disclosure	Improper Access Control - Generic	ahmed12ossman	Medium	2020-11-23
Local File Inclusion In Registration Page	Path Traversal	moloshy	High	2020-11-23
Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████	Path Traversal	emad777	Critical	2020-11-23
{███} It is posible download all information and files via S3 Bucket Misconfiguration	Improper Access Control - Generic	z3ck3bug	Medium	2020-11-23
Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert	Improper Access Control - Generic	mcbazza	Low	2020-11-23
View another user information with IDOR vulnerability	Insecure Direct Object Reference (IDOR)	silentbreach	High	2020-11-23
IDOR + Account Takeover [UNAUTHENTICATED]	Insecure Direct Object Reference (IDOR)	silentbreach	Critical	2020-11-09
CSRF to account takeover in https://█████/	Cross-Site Request Forgery (CSRF)	i_hack_everyone	Critical	2020-11-09
403 Forbidden Bypass at www.██████.mil	Forced Browsing	soldawn	Medium	2020-11-02
hardcoded password stored in javascript of https://████.mil	Use of Hard-coded Password	x3ph_	High	2020-11-02
Reflected XSS in https://███████ via search parameter	Cross-site Scripting (XSS) - Reflected	kegn	Medium	2020-11-02
PII Leak (such as CAC User ID) at https://████████/pages/login.aspx	Insecure Storage of Sensitive Information	pi_hunter50	Medium	2020-11-02
[████] SQL Injections on Referer Header exploitable via Time-Based method	SQL Injection	polygon35	High	2020-11-02
Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil	Improper Access Control - Generic	kaulse	Medium	2020-11-02
[SQLI ]Time Bassed Injection at ██████████ via referer header	SQL Injection	yassinek3ch	High	2020-10-16
CSRF to account takeover in https://███████.mil/	Cross-Site Request Forgery (CSRF)	dhakal_bibek	Critical	2020-10-16
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD	Array Index Underflow	hassanshahid	Critical	2020-10-16
[CVE-2020-3452] Unauthenticated file read in Cisco ASA	Path Traversal	mzfr	High	2020-10-16
[██████████.mil] Cisco VPN Service Path Traversal	Path Traversal	arm4nd0	High	2020-10-16
Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179	Information Disclosure	r4d1kal	Medium	2020-10-16
External Service Interaction \| https://█████████.mil	Information Disclosure	x3ph_	High	2020-10-16
Stored XSS via Comment Form at ████████	Cross-site Scripting (XSS) - Stored	un4gi	High	2020-09-29
Cross Site Scripting (XSS) – Reflected	Cross-site Scripting (XSS) - Reflected	jayhanspara	Medium	2020-09-29
Reflected XSS in https://www.██████/	Cross-site Scripting (XSS) - Reflected	nirajgautamit	Medium	2020-09-29
Reflected XSS in https://www.█████/	Cross-site Scripting (XSS) - Reflected	nirajgautamit	Medium	2020-09-29
IDOR to Account Takeover on https://████/index.html	Insecure Direct Object Reference (IDOR)	nagli	High	2020-09-29
SQLi in login form of █████	SQL Injection	erbbysam	Critical	2020-09-29
Unauthenticated Arbitrary File Deletion ("CVE-2020-3187") in ████████	Path Traversal	dwisiswant0	Critical	2020-09-29
DOM XSS on https://www.███████	Cross-site Scripting (XSS) - DOM	gamer7112	Medium	2020-09-29
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion	Path Traversal	oucast-	Critical	2020-09-21
Reflected Xss	Cross-site Scripting (XSS) - Reflected	0xelkomy	Medium	2020-09-21
Sensitive information about a ██████	Cleartext Storage of Sensitive Information	0x9747	High	2020-09-21
Remote Code Execution on █████████	Code Injection	hzllaga	Critical	2020-09-03
CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower.	Path Traversal	professor1	High	2020-09-03
Subdomain takeover due to an unclaimed Amazon S3 bucket on ███	Cross-site Scripting (XSS) - Generic	chron0x	Critical	2020-09-03
Subdomain takeover due to an unclaimed Amazon S3 bucket on ███	Cross-site Scripting (XSS) - Generic	chron0x	Critical	2020-09-03
███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability	Path Traversal	secret_letters	High	2020-09-03
Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd	Information Disclosure	rudra_2000	Medium	2020-09-03
Сode injection host █████████	Code Injection	e3xpl0it	High	2020-09-03
Reflected XSS on ███████	Cross-site Scripting (XSS) - Reflected	nagli	Medium	2020-09-03
https://█████ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability	Path Traversal	they	High	2020-08-13
Path traversal on https://███ allows arbitrary file read (CVE-2020-3452)	Path Traversal	un4gi	High	2020-08-13
Remote Code Execution via CVE-2019-18935	Deserialization of Untrusted Data	un4gi	Critical	2020-08-13
HTML Injection leads to XSS on███	Cross-site Scripting (XSS) - Generic	lemonoftroy	Medium	2020-07-30
Exposed Docker Registry at https://████	Improper Authentication - Generic	chron0x	High	2020-07-30
Reflected XSS on https://███████/	Cross-site Scripting (XSS) - Reflected	the_unlucky_guy	Medium	2020-07-30
RCE (Remote code execution) in one of DoD's websites	Cryptographic Issues - Generic	ilyass01	Critical	2020-07-30
Reflected XSS on ███████ page	Cross-site Scripting (XSS) - Generic	scraps	Medium	2020-07-30
(CORS) Cross-origin resource sharing misconfiguration	Business Logic Errors	natanalves01001	Medium	2020-07-14
SharePoint Web Services Exposed to Anonymous Access Users	Improper Access Control - Generic	balisong	Medium	2020-07-14
CSRF Account Deletion on ███ Website	Cross-Site Request Forgery (CSRF)	notdeghost	Medium	2020-07-09
Subdomain takeover of ████	Privilege Escalation	flav_	Critical	2020-07-08
Stored XSS at ██████userprofile.aspx	Cross-site Scripting (XSS) - Stored	pi_hunter50	High	2020-07-08
Unrestricted File Upload Leads to XSS & Potential RCE	Unrestricted Upload of File with Dangerous Type	pi_hunter50	High	2020-07-08
SQL Injection in the `move_papers.php` on the https://██████████	SQL Injection	sp1d3rs	High	2020-06-25
PII/PHI data available on web https://████████Portals/22/Documents/Meetings	Cleartext Storage of Sensitive Information	pvm	High	2020-06-25
xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php	Denial of Service	dhakal_bibek	Medium	2020-06-25
[█████████] Administrative access to Oracle WebLogic Server using default credentials	Improper Access Control - Generic	arm4nd0	Critical	2020-06-25
Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform	Violation of Secure Design Principles	un4gi	High	2020-06-11
SSN is exposed on slides, previous critical report was not fixed in an appropriate way	Cleartext Storage of Sensitive Information	pvm	Critical	2020-06-11
CSRF - Modify Company Info	Cross-Site Request Forgery (CSRF)	ahmd_halabi	Medium	2020-06-11
Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE	Information Exposure Through an Error Message	pvm	Medium	2020-06-11
CSRF - Close Account	Cross-Site Request Forgery (CSRF)	ahmd_halabi	Medium	2020-06-11
Account takeover through CSRF in http://███████/██████████/default.asp	Cross-Site Request Forgery (CSRF)	dhakal_ananda	High	2020-06-11
Self XSS combine CSRF at https://████████/index.php	Cross-site Scripting (XSS) - Reflected	manshum12	Medium	2020-05-27
Previously Compromised PulseSSL VPN Hosts	Insecure Storage of Sensitive Information	r00tpgp	Critical	2020-05-27
No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service	Violation of Secure Design Principles	nagli	Medium	2020-05-27
Remote Code Execution through DNN Cookie Deserialization	OS Command Injection	droop3r	High	2020-05-27
Stored Xss Vulnerability on ████████	Cross-site Scripting (XSS) - Stored	mygf	High	2020-05-14
Bypassing CORS Misconfiguration Leads to Sensitive Exposure	Business Logic Errors	duckoverflow	Medium	2020-05-14
Reflected cross-site scripting vulnerability on a DoD website	Cross-site Scripting (XSS) - Reflected	realtess	High	2020-05-14
SQL Injection in Login Page: https://█████/█████████/login.php	SQL Injection	l00ph0le	High	2020-05-14
SSN leak due to editable slides	Insecure Storage of Sensitive Information	alyssa_herrera	Critical	2020-05-14
████ - Complete account takeover	Improper Authentication - Generic	cablej_dds	Critical	2020-05-11
Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604)	OS Command Injection	l00ph0le	High	2020-05-11
Remote Code Execution in ██████	OS Command Injection	s3cr3tsdn	Critical	2020-05-11
Command Injection (via CVE-2019-11510 and CVE-2019-11539)	Command Injection - Generic	l00ph0le	Critical	2020-05-07
Remote Code Execution via Insecure Deserialization in Telerik UI	Deserialization of Untrusted Data	sw33tlie	Critical	2020-05-07
Public instance of Jenkins on https://██████████/ with /script enabled	Code Injection	niteshsurana	Critical	2020-01-31
Information disclousure by clicking on the link shown in http://████████/	Information Disclosure	pirateducky	High	2019-12-02
SQL Injection on www.██████████ on countID parameter	SQL Injection	0_1vitthal	High	2019-10-08
XXE in DoD website that may lead to RCE	XML External Entities (XXE)	jin	Critical	2019-10-04
Remote Code Execution (RCE) in a DoD website	Code Injection	manoelt	Critical	2019-10-04
SQL Injection in ████	SQL Injection	arinerron2	High	2019-08-19
Remote Code Execution (RCE) in a DoD website	Deserialization of Untrusted Data	joaomatosf	Critical	2018-04-17
SQL injection	SQL Injection	alyssa_herrera	High	2018-04-17
SSRF+XSS	Information Disclosure	alyssa_herrera	Critical	2018-04-17
Information Disclosure	Information Disclosure	alyssa_herrera	Critical	2018-04-17
Remote Code Execution (RCE) in DoD Websites	Code Injection	joaomatosf	Critical	2018-04-17
X-XSS-Protection -> Misconfiguration	Violation of Secure Design Principles	bb343cc5cbd74210c09dafe	Low	2017-12-15
SQL Injection vulnerability in a DoD website	SQL Injection	eugui	Medium	2017-08-15
Cross-site scripting (XSS) vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	guruprasadmullangi	Low	2017-08-15
Remote Code Execution (RCE) vulnerability in a DoD website	XML External Entities (XXE)	peuch	High	2017-08-15
Reflected XSS on a DoD website	Cross-site Scripting (XSS) - Reflected	guifre	Low	2017-08-15
Insecure Direct Object Reference (IDOR) vulnerability in a DoD website	Violation of Secure Design Principles	eugui	Medium	2017-08-15
SQL Injection vulnerability in a DoD website	SQL Injection	tcpiplab	Medium	2017-08-15
Cross-site scripting (XSS) vulnerability on a DoD website	CRLF Injection	sp1d3rs	Low	2017-08-15
Information disclosure vulnerability on a DoD website	Information Disclosure	reptou	Critical	2017-08-15
Cross-site scripting (XSS) on a DoD website	Cross-site Scripting (XSS) - Generic	reptou	Low	2017-08-15
Server Side Request Forgery (SSRF) vulnerability in a DoD website	Server-Side Request Forgery (SSRF)	korprit	Low	2017-08-15
SQL Injection vulnerability in a DoD website	SQL Injection	hassaan	Medium	2017-08-15
Information disclosure vulnerability on a DoD website	Information Disclosure	lalka	Low	2017-07-05
Remote code execution (RCE) in multiple DoD websites	Code Injection	joaomatosf	Critical	2017-07-05
Information disclosure vulnerability on a DoD website	Information Disclosure	twicedi	Medium	2017-07-05
Cross-site scripting (XSS) vulnerability on a DoD website	Cross-site Scripting (XSS) - Reflected	jin	Low	2017-07-05
Information disclosure vulnerability on a DoD website	Information Exposure Through Debug Information	sp1d3rs	Low	2017-07-05
Limited code execution vulnerability on a DoD website	Server-Side Request Forgery (SSRF)	sp1d3rs	High	2017-07-05
Violation of secure design principles on a DoD website	Violation of Secure Design Principles	spam404	Low	2017-07-05
Arbitary file download vulnerability on a DoD website	Insecure Direct Object Reference (IDOR)	alyssa_herrera	Medium	2017-07-05
Arbitary file download vulnerability on a DoD website	Insecure Direct Object Reference (IDOR)	alyssa_herrera	Medium	2017-07-05
Remote Code Execution (RCE) vulnerability in multiple DoD websites	Code Injection	joaomatosf	Critical	2017-07-05
Time Based SQL Injection vulnerability on a DoD website	SQL Injection	alyssa_herrera	Medium	2017-07-05
SQL Injection vulnerability in a DoD website	SQL Injection	albinowax	High	2017-07-05
Arbitary file download vulnerability on a DoD website	Information Disclosure	alyssa_herrera	Low	2017-07-05
SQL Injection vulnerability in a DoD website	SQL Injection	alyssa_herrera	Medium	2017-07-05
Reflected XSS vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	mantis	Low	2017-07-05
SQL injection vulnerability on a DoD website	SQL Injection	0xd0m7	Medium	2017-07-05
Remote code execution vulnerability on a DoD website	Code Injection	cha5m	Critical	2017-07-03
Information disclosure on a DoD website	Information Disclosure	tsug0d	No rating	2017-07-03
Server-side include injection vulnerability in a DoD website	Code Injection	jutsuce	High	2017-07-03
Default credentials on a DoD website	Improper Authentication - Generic	korprit	High	2017-07-03
Stored cross site scripting (XSS) vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	ahsan	Low	2017-06-23
Reflected cross-site scripting (XSS) vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	ahsan	Low	2017-06-23
Information disclosure vulnerability on a DoD website	NULL Pointer Dereference	tcpiplab	Low	2017-06-23
Reflective XSS vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	fantam1	Low	2017-06-23
SQL injection vulnerability in a DoD website	SQL Injection	shakaa1	Medium	2017-06-23
Remote code execution vulnerability on a DoD website	Code Injection	korprit	High	2017-06-23
SQL Injection vulnerability in a DoD website	SQL Injection	korprit	High	2017-06-23
Information disclosure vulnerability in a DoD website	Cryptographic Issues - Generic	r0p3	Low	2017-06-23
Reflected XSS vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	r0p3	Low	2017-06-23
Remote code execution vulnerability on a DoD website	Code Injection	mantis	Low	2017-06-23
Cross-site request forgery (CSRF) vulnerability in a DoD website	Cross-site Scripting (XSS) - Generic	mantis	Low	2017-06-23
Open redirect vulnerability in a DoD website	Open Redirect	niwasaki	Low	2017-06-23
Information disclosure vulnerability on a DoD website	Improper Authentication - Generic	jon_bottarini	Medium	2017-06-16
Information disclosure vulnerability on a DoD website	Violation of Secure Design Principles	sp1d3rs	Low	2017-06-16
Information disclosure vulnerability on a DoD website	Information Disclosure	sp1d3rs	Low	2017-06-16
Information disclosure vulnerability on a DoD website	Information Disclosure	sp1d3rs	Low	2017-06-16
Reflected XSS vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	korprit	Low	2017-06-16
Cross-site request forgery (CSRF) vulnerability on a DoD website	Cross-Site Request Forgery (CSRF)	korprit	Medium	2017-06-16
SQL injection vulnerability on a DoD website	SQL Injection	korprit	Medium	2017-06-16
Reflected XSS vulnerability on a DoD website	Cross-site Scripting (XSS) - Reflected	twicedi	Low	2017-06-16
Time Based SQL Injection vulnerability on a DoD website	SQL Injection	korprit	Medium	2017-06-16
DOM Based XSS on a DoD website	Cross-site Scripting (XSS) - Generic	juliocesar	Low	2017-06-16
Reflected XSS on a DoD website	Cross-site Scripting (XSS) - Generic	juliocesar	Low	2017-06-16
Blind SQLi vulnerability in a DoD Website	Cross-site Scripting (XSS) - Generic	sp1d3rs	Medium	2017-06-16
Reflected XSS in a DoD Website	Cross-site Scripting (XSS) - Reflected	shogunlab	Low	2017-06-14
Blind SQLi in a DoD Website	SQL Injection	akaki	Medium	2017-06-14
Remote Code Execution (RCE) in a DoD website	Code Injection	joaomatosf	Critical	2017-06-14
Reflected XSS on a DoD website	Cross-site Scripting (XSS) - Generic	juliocesar	Low	2017-06-01
Reflected XSS on a DoD website	Cross-site Scripting (XSS) - Generic	ramsexy	Low	2017-06-01
Server side information disclosure on a DoD website	Information Disclosure	samhax	Low	2017-06-01
Information disclosure vulnerability on a DoD website	Information Disclosure	babayaga_	High	2017-06-01
Remote Code Execution (RCE) in a DoD website	Code Injection	0daystolive	Critical	2017-06-01
Insecure direct object reference vulnerability on a DoD website	Privilege Escalation	rijalrojan	Low	2017-06-01
SQL injection vulnerability on a DoD website	SQL Injection	mthirup	High	2017-05-31
Reflected XSS on a DoD website	Cross-site Scripting (XSS) - Generic	eugui	Low	2017-05-31
Stored XSS vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	rashedhasan007	No rating	2017-05-31
Information disclosure vulnerability on a DoD website	Information Disclosure	clizsec	Low	2017-04-27
Cross-Site Scripting (XSS) on a DoD website	Cross-site Scripting (XSS) - Generic	clizsec	No rating	2017-04-27
XSS on a DoD website	Cross-site Scripting (XSS) - Generic	ramsexy	Low	2017-04-27
Reflected XSS on a DoD website	Cross-site Scripting (XSS) - Generic	korprit	Medium	2017-04-27
SQL injection vulnerability on a DoD website	SQL Injection	korprit	Medium	2017-04-27
HTML injection vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	kunal_khubchandani	Low	2017-04-27
Information disclosure vulnerability on a DoD website	Information Disclosure	joshualaurencio	Low	2017-04-27
Remote file inclusion vulnerability on a DoD website	Violation of Secure Design Principles	sp1d3rs	Medium	2017-04-27
Local file inclusion vulnerability on a DoD website	Privilege Escalation	fransrosen	Medium	2017-04-27
Reflected XSS vulnerability in a DoD website	Cross-site Scripting (XSS) - Generic	rashedhasan007	No rating	2017-04-27
Remote Code Execution (RCE) in a DoD website	Code Injection	joaomatosf	Critical	2017-04-13
Remote Command Execution on a DoD website	Code Injection	t-pwn	No rating	2017-04-07
Cross-site scripting (XSS) vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	juliocesar	No rating	2017-04-07
Reflected cross-site scripting vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	konduru-jashwanth	Low	2017-04-07
Bypass file access control vulnerability on a DoD website	Improper Authentication - Generic	generaleg	Low	2017-04-07
XSS vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	swissky	Low	2017-03-16
File upload vulnerability on a DoD website	None supplied	korprit	Medium	2017-03-16
HTML Injection/Load Images vulnerability on a DoD website	Violation of Secure Design Principles	jon_bottarini	Medium	2017-03-16
Stored cross-site scripting (XSS) on a DoD website	Cross-site Scripting (XSS) - Generic	jon_bottarini	No rating	2017-03-16
Misconfigured user account settings on DoD website	Improper Authentication - Generic	mantis	No rating	2017-03-16
Potentially sensitive information disclosure on a DoD website	Information Disclosure	scraps	No rating	2017-03-16
Arbitrary Script Injection (Mail) in a DoD Website	Cross-site Scripting (XSS) - Generic	ahsan	Low	2017-03-16
Remote command execution (RCE) vulnerability on a DoD website	Code Injection	japp1	Critical	2017-03-16
Information disclosure on a DoD website	Information Disclosure	babayaga_	Low	2017-03-16
Password reset vulnerability on a DoD website	Improper Authentication - Generic	sp1d3rs	High	2017-03-16
Cross-site scripting (XSS) vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	r0p3	Low	2017-03-16
Information disclosure on a DoD website	Information Disclosure	r0p3	Low	2017-03-16
Cross-site scripting vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	r0p3	Low	2017-03-16
Cross-site request forgery vulnerability on a DoD website	Cross-Site Request Forgery (CSRF)	korprit	No rating	2017-03-16
Reflected XSS vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	yaworsk	Low	2017-03-16
SQL injection vulnerability on a DoD website	SQL Injection	vag_mour	High	2017-03-16
SQL injection vulnerability on a DoD website	SQL Injection	mthirup	Medium	2017-02-17
Personal information disclosure on a DoD website	Information Disclosure	spam404	Medium	2017-02-16
Reflected XSS on a DoD website	Cross-site Scripting (XSS) - Generic	juliocesar	Low	2017-02-16
Authentication bypass vulnerability on a DoD website	Improper Authentication - Generic	spam404	Critical	2017-02-15
Privilege Escalation on a DoD Website	Privilege Escalation	vag_mour	Critical	2017-02-15
Exposed Access Control Data Backup Files on DoD Website	Improper Authentication - Generic	mazen160	Medium	2017-02-15
QuickTime Promotion on a DoD website	Violation of Secure Design Principles	spam404	Low	2017-02-15
Misconfigured password reset vulnerability on a DoD website	Improper Authentication - Generic	mthirup	Critical	2017-02-15
Open Redirect in a DoD website	Open Redirect	adrianomarcmont	Low	2017-02-14
Persistent XSS vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	korprit	Low	2017-02-14
Remote code execution on an Army website	Code Injection	meals	Critical	2017-01-12
Reflected XSS on a Department of Defense website	Cross-site Scripting (XSS) - Generic	juliocesar	No rating	2017-01-12
DOM Based XSS on an Army website	Cross-site Scripting (XSS) - Generic	juliocesar	Low	2017-01-12
Reflected XSS on an Army website	Cross-site Scripting (XSS) - Generic	juliocesar	No rating	2017-01-12
Information leakage on a Department of Defense website	Improper Authentication - Generic	korprit	Medium	2017-01-12
XSS vulnerability on an Army website	Cross-site Scripting (XSS) - Generic	spam404	Low	2017-01-11
SQL Injection vulnerability on a DoD website	Cross-site Scripting (XSS) - Generic	korprit	High	2017-01-11
Unrestricted File Download / Path Traversal	Information Disclosure	ziot	No rating	2017-01-11
RCE on a Department of Defense website	Code Injection	dawgyg	Critical	2017-01-11
Reflected XSS on a Navy website	Cross-site Scripting (XSS) - Generic	samux	No rating	2017-01-11
XXE on DoD web server	XML External Entities (XXE)	dawgyg	Critical	2017-01-09
Local File Inclusion vulnerability on an Army system allows downloading local files	Information Disclosure	nahamsec	High	2017-01-06
Server side information disclosure	Information Disclosure	samhax	No rating	2017-01-06
Reflected XSS in a Navy website	Cross-site Scripting (XSS) - Generic	juliocesar	Low	2017-01-06
Unrestricted File Upload	Command Injection - Generic	hogarth45	Critical	2016-12-22
DNS Misconfiguration	None supplied	atik-rahman	No rating	2016-12-22

BugBountyHunter

U.S. Dept Of Defense Program Statistics

Disclosed Reports