Deptofdefense


Most disclosed vulnerability type (42 disclosures) — Cross-site Scripting (XSS) - Generic

korprit has disclosed the most with 15 reports!

220 total issues disclosed

$0 total paid publicly


Accepts reports via HackerOne





Most recently disclosed


SharePoint Web Services Exposed to Anonymous Access

@ Submitted by balisong
Bug Type: Improper Access Control - Generic

Disclosed on 2020-11-24

Rating: Medium


SharePoint Web Services Exposed to Anonymous Access

@ Submitted by balisong
Bug Type: Information Disclosure

Disclosed on 2020-11-24

Rating: Medium


View another user's information with IDOR vulnerability

@ Submitted by silentbreach
Bug Type: Insecure Direct Object Reference (IDOR)

Disclosed on 2020-11-23

Rating: High


Rating: Low


{███} It is possible to download all information and files via S3 Bucket Misconfiguration

@ Submitted by z3ck3bug
Bug Type: Improper Access Control - Generic

Disclosed on 2020-11-23

Rating: Medium


Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████

@ Submitted by emad777
Bug Type: Path Traversal

Disclosed on 2020-11-23

Rating: Critical


Local File Inclusion In Registration Page

@ Submitted by moloshy
Bug Type: Path Traversal

Disclosed on 2020-11-23

Rating: High


CORS misconfiguration which leads to the disclosure

@ Submitted by ahmed12ossman
Bug Type: Improper Access Control - Generic

Disclosed on 2020-11-23

Rating: Medium


XSS Reflect to POST █████

@ Submitted by ofjaaah1
Bug Type: Cross-site Scripting (XSS) - Reflected

Disclosed on 2020-11-23

Rating: Medium


Reflected XSS on https://████/ (Bypass of #1002977)

@ Submitted by nagli
Bug Type: Cross-site Scripting (XSS) - Reflected

Disclosed on 2020-11-23

Rating: Medium


Rating: High


https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD

@ Submitted by themastersunil
Bug Type: Improper Authentication - Generic

Disclosed on 2020-11-23

Rating: Critical


IDOR + Account Takeover [UNAUTHENTICATED]

@ Submitted by silentbreach
Bug Type: Insecure Direct Object Reference (IDOR)

Disclosed on 2020-11-09

Rating: Critical


CSRF to account takeover in https://█████/

@ Submitted by i_hack_everyone
Bug Type: Cross-Site Request Forgery (CSRF)

Disclosed on 2020-11-09

Rating: Critical


[████] SQL Injections on Referer Header exploitable via Time-Based method

@ Submitted by polygon35
Bug Type: SQL Injection

Disclosed on 2020-11-02

Rating: High