U.S. Dept Of Defense Program Statistics


263 total issues disclosed

$8,000 total paid publicly

Most disclosed (42 disclosures) — Cross-site Scripting (XSS) - Generic



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Expired SSL Certificate allows credentials steal | Violation of Secure Design Principles | dmonsterrr | Medium | 2021-11-29 |
| Unauthenticated Access to Admin Panel Functions at https://███████/███ | Improper Access Control - Generic | palaziv | Critical | 2021-11-29 |
| Unauthenticated Access to Admin Panel Functions at https://██████████/████████ | Improper Access Control - Generic | palaziv | Critical | 2021-11-29 |
| AWS subdomain takeover of www.███████ | Improper Access Control - Generic | al-madjus | High | 2021-10-28 |
| RXSS - https://████████/ | Cross-site Scripting (XSS) - Reflected | 0xelkomy | Medium | 2021-10-18 |
| phpinfo() disclosure info | Information Disclosure | 0xelkomy | Medium | 2021-10-18 |
| Reflected Xss https://██████/ | Cross-site Scripting (XSS) - Reflected | 0xelkomy | Medium | 2021-10-18 |
| RXSS - ████ | Cross-site Scripting (XSS) - Reflected | 0xelkomy | Medium | 2021-10-18 |
| DoD internal documents are leaked to the public | Information Disclosure | mrempy | Medium | 2021-10-15 |
| POST based RXSS on https://███████/ via ███ parameter | Cross-site Scripting (XSS) - Reflected | nagli | Medium | 2021-10-13 |
| Subdomain takeover [████████] | Privilege Escalation | fdeleite | Critical | 2021-10-13 |
| Cache Posioning leading to denial of service at `█████████` - Bypass fix from report #1198434 | Denial of Service | brumens | High | 2021-10-13 |
| XSS on ███ | Cross-site Scripting (XSS) - Reflected | 0xelkot | Medium | 2021-08-19 |
| S3 bucket listing/download | Improper Access Control - Generic | fdeleite | Medium | 2021-08-19 |
| [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol! | LDAP Injection | whoisbinit | Medium | 2021-08-19 |
| CUI labled and ████ and ██████ Restricted ██████ intelligence | Information Disclosure | alyssa_herrera | Medium | 2021-08-19 |
| XSS due to CVE-2020-3580 [███.mil] | Cross-site Scripting (XSS) - Reflected | fdeleite | Medium | 2021-08-19 |
| Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) | Code Injection | fdeleite | High | 2021-07-29 |
| XSS DUE TO CVE-2020-3580 | Cross-site Scripting (XSS) - Reflected | vess_razz | Medium | 2021-07-29 |
| xss on https://███████(█████████ parameter) | Cross-site Scripting (XSS) - Reflected | fiveguyslover | Medium | 2021-07-29 |
| Cross site scripting | Cross-site Scripting (XSS) - Reflected | lu3ky-13 | Medium | 2021-07-29 |
| [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████ | Cryptographic Issues - Generic | sp1d3rs | High | 2021-07-29 |
| Reflected XSS - https://███ | Cross-site Scripting (XSS) - Reflected | fiveguyslover | Medium | 2021-07-29 |
| XSS Reflected on https://███ (███ parameter) | Cross-site Scripting (XSS) - Reflected | fiveguyslover | Medium | 2021-07-29 |
| xss reflected on https://███████- (███ parameters) | Cross-site Scripting (XSS) - Reflected | fiveguyslover | Medium | 2021-07-29 |
| Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ | File and Directory Information Exposure | sp1d3rs | Critical | 2021-07-29 |
| SQL injection my method -1 OR 3*2*1=6 AND 000159=000159 | Code Injection | lu3ky-13 | Medium | 2021-07-29 |
| All private support requests to ███████ are being disclosed at https://███████ | Information Disclosure | nagli | High | 2021-07-29 |
| Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) | Code Injection | fdeleite | High | 2021-07-29 |
| SQLi on █████████ | SQL Injection | hexagr | High | 2021-07-29 |
| XSS DUE TO CVE-2020-3580 | Cross-site Scripting (XSS) - Reflected | veshrajghimire | Medium | 2021-07-29 |
| Cache Posioning leading do Denial of Service on `www.█████████` | Denial of Service | brumens | High | 2021-07-09 |
| Self stored Xss + Login Csrf | Cross-site Scripting (XSS) - Stored | biest | Medium | 2021-06-30 |
| IDOR while uploading ████ attachments at [█████████] | Insecure Direct Object Reference (IDOR) | prophet | High | 2021-06-30 |
| Reflected XSS at [████████] | Cross-site Scripting (XSS) - Reflected | prophet | Medium | 2021-06-30 |
| CSRF Based XSS @ https://██████████ | Cross-site Scripting (XSS) - Reflected | nagli | Medium | 2021-06-30 |
| Unauthorized access to admin panel of the Questionmark Perception system at https://██████████ | Improper Access Control - Generic | qdoan95 | Critical | 2021-06-30 |
| [www.███] Reflected Cross-Site Scripting | Cross-site Scripting (XSS) - Reflected | celesian | Medium | 2021-06-30 |
| [█████████] Reflected Cross-Site Scripting Vulnerability | Cross-site Scripting (XSS) - Reflected | celesian | Medium | 2021-06-30 |
| Default Admin Username and Password on █████ Server at █████████mil | Improper Access Control - Generic | the_boschko | Critical | 2021-06-15 |
| Web Cache Poisoning on █████ | Violation of Secure Design Principles | fr1nge | High | 2021-06-03 |
| Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) | Deserialization of Untrusted Data | un4gi | Critical | 2021-06-03 |
| Blind SQL iNJECTION | SQL Injection | 1337n0x | Medium | 2021-06-03 |
| SharePoint Web Services Exposed to Anonymous Access | Information Disclosure | balisong | Medium | 2020-11-24 |
| SharePoint Web Services Exposed to Anonymous Access | Improper Access Control - Generic | balisong | Medium | 2020-11-24 |
| https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD | Improper Authentication - Generic | themastersunil | Critical | 2020-11-23 |
| [SQLI ]Time Bassed Injection at ██████████ via /██████/library.php?c=G14 parameter | SQL Injection | zinminphy00 | High | 2020-11-23 |
| Reflected XSS on https://████/ (Bypass of #1002977) | Cross-site Scripting (XSS) - Reflected | nagli | Medium | 2020-11-23 |
| XSS Reflect to POST █████ | Cross-site Scripting (XSS) - Reflected | ofjaaah1 | Medium | 2020-11-23 |
| CORS misconfiguration which leads to the disclosure | Improper Access Control - Generic | ahmed12ossman | Medium | 2020-11-23 |
| Local File Inclusion In Registration Page | Path Traversal | moloshy | High | 2020-11-23 |
| Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████ | Path Traversal | emad777 | Critical | 2020-11-23 |
| {███} It is posible download all information and files via S3 Bucket Misconfiguration | Improper Access Control - Generic | z3ck3bug | Medium | 2020-11-23 |
| Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert | Improper Access Control - Generic | mcbazza | Low | 2020-11-23 |
| View another user information with IDOR vulnerability | Insecure Direct Object Reference (IDOR) | silentbreach | High | 2020-11-23 |
| IDOR + Account Takeover [UNAUTHENTICATED] | Insecure Direct Object Reference (IDOR) | silentbreach | Critical | 2020-11-09 |
| CSRF to account takeover in https://█████/ | Cross-Site Request Forgery (CSRF) | i_hack_everyone | Critical | 2020-11-09 |
| 403 Forbidden Bypass at www.██████.mil | Forced Browsing | soldawn | Medium | 2020-11-02 |
| hardcoded password stored in javascript of https://████.mil | Use of Hard-coded Password | x3ph_ | High | 2020-11-02 |
| Reflected XSS in https://███████ via search parameter | Cross-site Scripting (XSS) - Reflected | kegn | Medium | 2020-11-02 |
| PII Leak (such as CAC User ID) at https://████████/pages/login.aspx | Insecure Storage of Sensitive Information | pi_hunter50 | Medium | 2020-11-02 |
| [████] SQL Injections on Referer Header exploitable via Time-Based method | SQL Injection | polygon35 | High | 2020-11-02 |
| Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil | Improper Access Control - Generic | kaulse | Medium | 2020-11-02 |
| [SQLI ]Time Bassed Injection at ██████████ via referer header | SQL Injection | yassinek3ch | High | 2020-10-16 |
| CSRF to account takeover in https://███████.mil/ | Cross-Site Request Forgery (CSRF) | dhakal_bibek | Critical | 2020-10-16 |
| https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD | Array Index Underflow | hassanshahid | Critical | 2020-10-16 |
| [CVE-2020-3452] Unauthenticated file read in Cisco ASA | Path Traversal | mzfr | High | 2020-10-16 |
| [██████████.mil] Cisco VPN Service Path Traversal | Path Traversal | arm4nd0 | High | 2020-10-16 |
| Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 | Information Disclosure | r4d1kal | Medium | 2020-10-16 |
| External Service Interaction \| https://█████████.mil | Information Disclosure | x3ph_ | High | 2020-10-16 |
| Stored XSS via Comment Form at ████████ | Cross-site Scripting (XSS) - Stored | un4gi | High | 2020-09-29 |
| Cross Site Scripting (XSS) – Reflected | Cross-site Scripting (XSS) - Reflected | jayhanspara | Medium | 2020-09-29 |
| Reflected XSS in https://www.██████/ | Cross-site Scripting (XSS) - Reflected | nirajgautamit | Medium | 2020-09-29 |
| Reflected XSS in https://www.█████/ | Cross-site Scripting (XSS) - Reflected | nirajgautamit | Medium | 2020-09-29 |
| IDOR to Account Takeover on https://████/index.html | Insecure Direct Object Reference (IDOR) | nagli | High | 2020-09-29 |
| SQLi in login form of █████ | SQL Injection | erbbysam | Critical | 2020-09-29 |
| Unauthenticated Arbitrary File Deletion ("CVE-2020-3187") in ████████ | Path Traversal | dwisiswant0 | Critical | 2020-09-29 |
| DOM XSS on https://www.███████ | Cross-site Scripting (XSS) - DOM | gamer7112 | Medium | 2020-09-29 |
| CVE-2020-3187 - Unauthenticated Arbitrary File Deletion | Path Traversal | oucast- | Critical | 2020-09-21 |
| Reflected Xss | Cross-site Scripting (XSS) - Reflected | 0xelkomy | Medium | 2020-09-21 |
| Sensitive information about a ██████ | Cleartext Storage of Sensitive Information | 0x9747 | High | 2020-09-21 |
| Remote Code Execution on █████████ | Code Injection | hzllaga | Critical | 2020-09-03 |
| CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. | Path Traversal | professor1 | High | 2020-09-03 |
| Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ | Cross-site Scripting (XSS) - Generic | chron0x | Critical | 2020-09-03 |
| Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ | Cross-site Scripting (XSS) - Generic | chron0x | Critical | 2020-09-03 |
| ███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability | Path Traversal | secret_letters | High | 2020-09-03 |
| Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd | Information Disclosure | rudra_2000 | Medium | 2020-09-03 |
| Сode injection host █████████ | Code Injection | e3xpl0it | High | 2020-09-03 |
| Reflected XSS on ███████ | Cross-site Scripting (XSS) - Reflected | nagli | Medium | 2020-09-03 |
| https://█████ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability | Path Traversal | they | High | 2020-08-13 |
| Path traversal on https://███ allows arbitrary file read (CVE-2020-3452) | Path Traversal | un4gi | High | 2020-08-13 |
| Remote Code Execution via CVE-2019-18935 | Deserialization of Untrusted Data | un4gi | Critical | 2020-08-13 |
| HTML Injection leads to XSS on███ | Cross-site Scripting (XSS) - Generic | lemonoftroy | Medium | 2020-07-30 |
| Exposed Docker Registry at https://████ | Improper Authentication - Generic | chron0x | High | 2020-07-30 |
| Reflected XSS on https://███████/ | Cross-site Scripting (XSS) - Reflected | the_unlucky_guy | Medium | 2020-07-30 |
| RCE (Remote code execution) in one of DoD's websites | Cryptographic Issues - Generic | ilyass01 | Critical | 2020-07-30 |
| Reflected XSS on ███████ page | Cross-site Scripting (XSS) - Generic | scraps | Medium | 2020-07-30 |
| (CORS) Cross-origin resource sharing misconfiguration | Business Logic Errors | natanalves01001 | Medium | 2020-07-14 |
| SharePoint Web Services Exposed to Anonymous Access Users | Improper Access Control - Generic | balisong | Medium | 2020-07-14 |
| CSRF Account Deletion on ███ Website | Cross-Site Request Forgery (CSRF) | notdeghost | Medium | 2020-07-09 |
| Subdomain takeover of ████ | Privilege Escalation | flav_ | Critical | 2020-07-08 |
| Stored XSS at ██████userprofile.aspx | Cross-site Scripting (XSS) - Stored | pi_hunter50 | High | 2020-07-08 |
| Unrestricted File Upload Leads to XSS & Potential RCE | Unrestricted Upload of File with Dangerous Type | pi_hunter50 | High | 2020-07-08 |
| SQL Injection in the `move_papers.php` on the https://██████████ | SQL Injection | sp1d3rs | High | 2020-06-25 |
| PII/PHI data available on web https://████████Portals/22/Documents/Meetings | Cleartext Storage of Sensitive Information | pvm | High | 2020-06-25 |
| xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php | Denial of Service | dhakal_bibek | Medium | 2020-06-25 |
| [█████████] Administrative access to Oracle WebLogic Server using default credentials | Improper Access Control - Generic | arm4nd0 | Critical | 2020-06-25 |
| Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform | Violation of Secure Design Principles | un4gi | High | 2020-06-11 |
| SSN is exposed on slides, previous critical report was not fixed in an appropriate way | Cleartext Storage of Sensitive Information | pvm | Critical | 2020-06-11 |
| CSRF - Modify Company Info | Cross-Site Request Forgery (CSRF) | ahmd_halabi | Medium | 2020-06-11 |
| Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE | Information Exposure Through an Error Message | pvm | Medium | 2020-06-11 |
| CSRF - Close Account | Cross-Site Request Forgery (CSRF) | ahmd_halabi | Medium | 2020-06-11 |
| Account takeover through CSRF in http://███████/██████████/default.asp | Cross-Site Request Forgery (CSRF) | dhakal_ananda | High | 2020-06-11 |
| Self XSS combine CSRF at https://████████/index.php | Cross-site Scripting (XSS) - Reflected | manshum12 | Medium | 2020-05-27 |
| Previously Compromised PulseSSL VPN Hosts | Insecure Storage of Sensitive Information | r00tpgp | Critical | 2020-05-27 |
| No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service | Violation of Secure Design Principles | nagli | Medium | 2020-05-27 |
| Remote Code Execution through DNN Cookie Deserialization | OS Command Injection | droop3r | High | 2020-05-27 |
| Stored Xss Vulnerability on ████████ | Cross-site Scripting (XSS) - Stored | mygf | High | 2020-05-14 |
| Bypassing CORS Misconfiguration Leads to Sensitive Exposure | Business Logic Errors | duckoverflow | Medium | 2020-05-14 |
| Reflected cross-site scripting vulnerability on a DoD website | Cross-site Scripting (XSS) - Reflected | realtess | High | 2020-05-14 |
| SQL Injection in Login Page: https://█████/█████████/login.php | SQL Injection | l00ph0le | High | 2020-05-14 |
| SSN leak due to editable slides | Insecure Storage of Sensitive Information | alyssa_herrera | Critical | 2020-05-14 |
| ████ - Complete account takeover | Improper Authentication - Generic | cablej_dds | Critical | 2020-05-11 |
| Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) | OS Command Injection | l00ph0le | High | 2020-05-11 |
| Remote Code Execution in ██████ | OS Command Injection | s3cr3tsdn | Critical | 2020-05-11 |
| Command Injection (via CVE-2019-11510 and CVE-2019-11539) | Command Injection - Generic | l00ph0le | Critical | 2020-05-07 |
| Remote Code Execution via Insecure Deserialization in Telerik UI | Deserialization of Untrusted Data | sw33tlie | Critical | 2020-05-07 |
| Public instance of Jenkins on https://██████████/ with /script enabled | Code Injection | niteshsurana | Critical | 2020-01-31 |
| Information disclousure by clicking on the link shown in http://████████/ | Information Disclosure | pirateducky | High | 2019-12-02 |
| SQL Injection on www.██████████ on countID parameter | SQL Injection | 0_1vitthal | High | 2019-10-08 |
| XXE in DoD website that may lead to RCE | XML External Entities (XXE) | jin | Critical | 2019-10-04 |
| Remote Code Execution (RCE) in a DoD website | Code Injection | manoelt | Critical | 2019-10-04 |
| SQL Injection in ████ | SQL Injection | arinerron2 | High | 2019-08-19 |
| Remote Code Execution (RCE) in a DoD website | Deserialization of Untrusted Data | joaomatosf | Critical | 2018-04-17 |
| SQL injection | SQL Injection | alyssa_herrera | High | 2018-04-17 |
| SSRF+XSS | Information Disclosure | alyssa_herrera | Critical | 2018-04-17 |
| Information Disclosure | Information Disclosure | alyssa_herrera | Critical | 2018-04-17 |
| Remote Code Execution (RCE) in DoD Websites | Code Injection | joaomatosf | Critical | 2018-04-17 |
| X-XSS-Protection -> Misconfiguration | Violation of Secure Design Principles | bb343cc5cbd74210c09dafe | Low | 2017-12-15 |
| SQL Injection vulnerability in a DoD website | SQL Injection | eugui | Medium | 2017-08-15 |
| Cross-site scripting (XSS) vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | guruprasadmullangi | Low | 2017-08-15 |
| Remote Code Execution (RCE) vulnerability in a DoD website | XML External Entities (XXE) | peuch | High | 2017-08-15 |
| Reflected XSS on a DoD website | Cross-site Scripting (XSS) - Reflected | guifre | Low | 2017-08-15 |
| Insecure Direct Object Reference (IDOR) vulnerability in a DoD website | Violation of Secure Design Principles | eugui | Medium | 2017-08-15 |
| SQL Injection vulnerability in a DoD website | SQL Injection | tcpiplab | Medium | 2017-08-15 |
| Cross-site scripting (XSS) vulnerability on a DoD website | CRLF Injection | sp1d3rs | Low | 2017-08-15 |
| Information disclosure vulnerability on a DoD website | Information Disclosure | reptou | Critical | 2017-08-15 |
| Cross-site scripting (XSS) on a DoD website | Cross-site Scripting (XSS) - Generic | reptou | Low | 2017-08-15 |
| Server Side Request Forgery (SSRF) vulnerability in a DoD website | Server-Side Request Forgery (SSRF) | korprit | Low | 2017-08-15 |
| SQL Injection vulnerability in a DoD website | SQL Injection | hassaan | Medium | 2017-08-15 |
| Information disclosure vulnerability on a DoD website | Information Disclosure | lalka | Low | 2017-07-05 |
| Remote code execution (RCE) in multiple DoD websites | Code Injection | joaomatosf | Critical | 2017-07-05 |
| Information disclosure vulnerability on a DoD website | Information Disclosure | twicedi | Medium | 2017-07-05 |
| Cross-site scripting (XSS) vulnerability on a DoD website | Cross-site Scripting (XSS) - Reflected | jin | Low | 2017-07-05 |
| Information disclosure vulnerability on a DoD website | Information Exposure Through Debug Information | sp1d3rs | Low | 2017-07-05 |
| Limited code execution vulnerability on a DoD website | Server-Side Request Forgery (SSRF) | sp1d3rs | High | 2017-07-05 |
| Violation of secure design principles on a DoD website | Violation of Secure Design Principles | spam404 | Low | 2017-07-05 |
| Arbitary file download vulnerability on a DoD website | Insecure Direct Object Reference (IDOR) | alyssa_herrera | Medium | 2017-07-05 |
| Arbitary file download vulnerability on a DoD website | Insecure Direct Object Reference (IDOR) | alyssa_herrera | Medium | 2017-07-05 |
| Remote Code Execution (RCE) vulnerability in multiple DoD websites | Code Injection | joaomatosf | Critical | 2017-07-05 |
| Time Based SQL Injection vulnerability on a DoD website | SQL Injection | alyssa_herrera | Medium | 2017-07-05 |
| SQL Injection vulnerability in a DoD website | SQL Injection | albinowax | High | 2017-07-05 |
| Arbitary file download vulnerability on a DoD website | Information Disclosure | alyssa_herrera | Low | 2017-07-05 |
| SQL Injection vulnerability in a DoD website | SQL Injection | alyssa_herrera | Medium | 2017-07-05 |
| Reflected XSS vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | mantis | Low | 2017-07-05 |
| SQL injection vulnerability on a DoD website | SQL Injection | 0xd0m7 | Medium | 2017-07-05 |
| Remote code execution vulnerability on a DoD website | Code Injection | cha5m | Critical | 2017-07-03 |
| Information disclosure on a DoD website | Information Disclosure | tsug0d | No rating | 2017-07-03 |
| Server-side include injection vulnerability in a DoD website | Code Injection | jutsuce | High | 2017-07-03 |
| Default credentials on a DoD website | Improper Authentication - Generic | korprit | High | 2017-07-03 |
| Stored cross site scripting (XSS) vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | ahsan | Low | 2017-06-23 |
| Reflected cross-site scripting (XSS) vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | ahsan | Low | 2017-06-23 |
| Information disclosure vulnerability on a DoD website | NULL Pointer Dereference | tcpiplab | Low | 2017-06-23 |
| Reflective XSS vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | fantam1 | Low | 2017-06-23 |
| SQL injection vulnerability in a DoD website | SQL Injection | shakaa1 | Medium | 2017-06-23 |
| Remote code execution vulnerability on a DoD website | Code Injection | korprit | High | 2017-06-23 |
| SQL Injection vulnerability in a DoD website | SQL Injection | korprit | High | 2017-06-23 |
| Information disclosure vulnerability in a DoD website | Cryptographic Issues - Generic | r0p3 | Low | 2017-06-23 |
| Reflected XSS vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | r0p3 | Low | 2017-06-23 |
| Remote code execution vulnerability on a DoD website | Code Injection | mantis | Low | 2017-06-23 |
| Cross-site request forgery (CSRF) vulnerability in a DoD website | Cross-site Scripting (XSS) - Generic | mantis | Low | 2017-06-23 |
| Open redirect vulnerability in a DoD website | Open Redirect | niwasaki | Low | 2017-06-23 |
| Information disclosure vulnerability on a DoD website | Improper Authentication - Generic | jon_bottarini | Medium | 2017-06-16 |
| Information disclosure vulnerability on a DoD website | Violation of Secure Design Principles | sp1d3rs | Low | 2017-06-16 |
| Information disclosure vulnerability on a DoD website | Information Disclosure | sp1d3rs | Low | 2017-06-16 |
| Information disclosure vulnerability on a DoD website | Information Disclosure | sp1d3rs | Low | 2017-06-16 |
| Reflected XSS vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | korprit | Low | 2017-06-16 |
| Cross-site request forgery (CSRF) vulnerability on a DoD website | Cross-Site Request Forgery (CSRF) | korprit | Medium | 2017-06-16 |
| SQL injection vulnerability on a DoD website | SQL Injection | korprit | Medium | 2017-06-16 |
| Reflected XSS vulnerability on a DoD website | Cross-site Scripting (XSS) - Reflected | twicedi | Low | 2017-06-16 |
| Time Based SQL Injection vulnerability on a DoD website | SQL Injection | korprit | Medium | 2017-06-16 |
| DOM Based XSS on a DoD website | Cross-site Scripting (XSS) - Generic | juliocesar | Low | 2017-06-16 |
| Reflected XSS on a DoD website | Cross-site Scripting (XSS) - Generic | juliocesar | Low | 2017-06-16 |
| Blind SQLi vulnerability in a DoD Website | Cross-site Scripting (XSS) - Generic | sp1d3rs | Medium | 2017-06-16 |
| Reflected XSS in a DoD Website | Cross-site Scripting (XSS) - Reflected | shogunlab | Low | 2017-06-14 |
| Blind SQLi in a DoD Website | SQL Injection | akaki | Medium | 2017-06-14 |
| Remote Code Execution (RCE) in a DoD website | Code Injection | joaomatosf | Critical | 2017-06-14 |
| Reflected XSS on a DoD website | Cross-site Scripting (XSS) - Generic | juliocesar | Low | 2017-06-01 |
| Reflected XSS on a DoD website | Cross-site Scripting (XSS) - Generic | ramsexy | Low | 2017-06-01 |
| Server side information disclosure on a DoD website | Information Disclosure | samhax | Low | 2017-06-01 |
| Information disclosure vulnerability on a DoD website | Information Disclosure | babayaga_ | High | 2017-06-01 |
| Remote Code Execution (RCE) in a DoD website | Code Injection | 0daystolive | Critical | 2017-06-01 |
| Insecure direct object reference vulnerability on a DoD website | Privilege Escalation | rijalrojan | Low | 2017-06-01 |
| SQL injection vulnerability on a DoD website | SQL Injection | mthirup | High | 2017-05-31 |
| Reflected XSS on a DoD website | Cross-site Scripting (XSS) - Generic | eugui | Low | 2017-05-31 |
| Stored XSS vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | rashedhasan007 | No rating | 2017-05-31 |
| Information disclosure vulnerability on a DoD website | Information Disclosure | clizsec | Low | 2017-04-27 |
| Cross-Site Scripting (XSS) on a DoD website | Cross-site Scripting (XSS) - Generic | clizsec | No rating | 2017-04-27 |
| XSS on a DoD website | Cross-site Scripting (XSS) - Generic | ramsexy | Low | 2017-04-27 |
| Reflected XSS on a DoD website | Cross-site Scripting (XSS) - Generic | korprit | Medium | 2017-04-27 |
| SQL injection vulnerability on a DoD website | SQL Injection | korprit | Medium | 2017-04-27 |
| HTML injection vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | kunal_khubchandani | Low | 2017-04-27 |
| Information disclosure vulnerability on a DoD website | Information Disclosure | joshualaurencio | Low | 2017-04-27 |
| Remote file inclusion vulnerability on a DoD website | Violation of Secure Design Principles | sp1d3rs | Medium | 2017-04-27 |
| Local file inclusion vulnerability on a DoD website | Privilege Escalation | fransrosen | Medium | 2017-04-27 |
| Reflected XSS vulnerability in a DoD website | Cross-site Scripting (XSS) - Generic | rashedhasan007 | No rating | 2017-04-27 |
| Remote Code Execution (RCE) in a DoD website | Code Injection | joaomatosf | Critical | 2017-04-13 |
| Remote Command Execution on a DoD website | Code Injection | t-pwn | No rating | 2017-04-07 |
| Cross-site scripting (XSS) vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | juliocesar | No rating | 2017-04-07 |
| Reflected cross-site scripting vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | konduru-jashwanth | Low | 2017-04-07 |
| Bypass file access control vulnerability on a DoD website | Improper Authentication - Generic | generaleg | Low | 2017-04-07 |
| XSS vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | swissky | Low | 2017-03-16 |
| File upload vulnerability on a DoD website | None supplied | korprit | Medium | 2017-03-16 |
| HTML Injection/Load Images vulnerability on a DoD website | Violation of Secure Design Principles | jon_bottarini | Medium | 2017-03-16 |
| Stored cross-site scripting (XSS) on a DoD website | Cross-site Scripting (XSS) - Generic | jon_bottarini | No rating | 2017-03-16 |
| Misconfigured user account settings on DoD website | Improper Authentication - Generic | mantis | No rating | 2017-03-16 |
| Potentially sensitive information disclosure on a DoD website | Information Disclosure | scraps | No rating | 2017-03-16 |
| Arbitrary Script Injection (Mail) in a DoD Website | Cross-site Scripting (XSS) - Generic | ahsan | Low | 2017-03-16 |
| Remote command execution (RCE) vulnerability on a DoD website | Code Injection | japp1 | Critical | 2017-03-16 |
| Information disclosure on a DoD website | Information Disclosure | babayaga_ | Low | 2017-03-16 |
| Password reset vulnerability on a DoD website | Improper Authentication - Generic | sp1d3rs | High | 2017-03-16 |
| Cross-site scripting (XSS) vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | r0p3 | Low | 2017-03-16 |
| Information disclosure on a DoD website | Information Disclosure | r0p3 | Low | 2017-03-16 |
| Cross-site scripting vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | r0p3 | Low | 2017-03-16 |
| Cross-site request forgery vulnerability on a DoD website | Cross-Site Request Forgery (CSRF) | korprit | No rating | 2017-03-16 |
| Reflected XSS vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | yaworsk | Low | 2017-03-16 |
| SQL injection vulnerability on a DoD website | SQL Injection | vag_mour | High | 2017-03-16 |
| SQL injection vulnerability on a DoD website | SQL Injection | mthirup | Medium | 2017-02-17 |
| Personal information disclosure on a DoD website | Information Disclosure | spam404 | Medium | 2017-02-16 |
| Reflected XSS on a DoD website | Cross-site Scripting (XSS) - Generic | juliocesar | Low | 2017-02-16 |
| Authentication bypass vulnerability on a DoD website | Improper Authentication - Generic | spam404 | Critical | 2017-02-15 |
| Privilege Escalation on a DoD Website | Privilege Escalation | vag_mour | Critical | 2017-02-15 |
| Exposed Access Control Data Backup Files on DoD Website | Improper Authentication - Generic | mazen160 | Medium | 2017-02-15 |
| QuickTime Promotion on a DoD website | Violation of Secure Design Principles | spam404 | Low | 2017-02-15 |
| Misconfigured password reset vulnerability on a DoD website | Improper Authentication - Generic | mthirup | Critical | 2017-02-15 |
| Open Redirect in a DoD website | Open Redirect | adrianomarcmont | Low | 2017-02-14 |
| Persistent XSS vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | korprit | Low | 2017-02-14 |
| Remote code execution on an Army website | Code Injection | meals | Critical | 2017-01-12 |
| Reflected XSS on a Department of Defense website | Cross-site Scripting (XSS) - Generic | juliocesar | No rating | 2017-01-12 |
| DOM Based XSS on an Army website | Cross-site Scripting (XSS) - Generic | juliocesar | Low | 2017-01-12 |
| Reflected XSS on an Army website | Cross-site Scripting (XSS) - Generic | juliocesar | No rating | 2017-01-12 |
| Information leakage on a Department of Defense website | Improper Authentication - Generic | korprit | Medium | 2017-01-12 |
| XSS vulnerability on an Army website | Cross-site Scripting (XSS) - Generic | spam404 | Low | 2017-01-11 |
| SQL Injection vulnerability on a DoD website | Cross-site Scripting (XSS) - Generic | korprit | High | 2017-01-11 |
| Unrestricted File Download / Path Traversal | Information Disclosure | ziot | No rating | 2017-01-11 |
| RCE on a Department of Defense website | Code Injection | dawgyg | Critical | 2017-01-11 |
| Reflected XSS on a Navy website | Cross-site Scripting (XSS) - Generic | samux | No rating | 2017-01-11 |
| XXE on DoD web server | XML External Entities (XXE) | dawgyg | Critical | 2017-01-09 |
| Local File Inclusion vulnerability on an Army system allows downloading local files | Information Disclosure | nahamsec | High | 2017-01-06 |
| Server side information disclosure | Information Disclosure | samhax | No rating | 2017-01-06 |
| Reflected XSS in a Navy website | Cross-site Scripting (XSS) - Generic | juliocesar | Low | 2017-01-06 |
| Unrestricted File Upload | Command Injection - Generic | hogarth45 | Critical | 2016-12-22 |
| DNS Misconfiguration | None supplied | atik-rahman | No rating | 2016-12-22 |