1 |
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ |
$5000.0 |
2 |
SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS] |
$4000.0 |
3 |
[HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████ |
$3000.0 |
4 |
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███) |
$2000.0 |
5 |
[HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www.███████/daip/messagebroker/amf |
$1666.65 |
6 |
[HTAF4-213] [Pre-submission] HTTPOnly session cookie exposure on the /csstest endpoint |
$1500.0 |
7 |
SSRF to read AWS metaData at https://█████/ [HtUS] |
$1000.0 |
8 |
LOGJ4 VUlnerability [HtUS] |
$1000.0 |
9 |
[███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS] |
$1000.0 |
10 |
Wordpress Takeover using setup configuration at http://████.edu [HtUS] |
$1000.0 |
11 |
[HTA2] Receiving████ access request on @wearehackerone.com email address |
$750.0 |
12 |
[hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [███] |
$750.0 |
13 |
[CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (█████████.mil) |
$750.0 |
14 |
[CVE-2018-0296] Cisco VPN path traversal on the https://██████████ |
$750.0 |
15 |
[CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (████.███.mil) |
$750.0 |
16 |
[CVE-2018-0296] Cisco VPN path traversal on the https://1████████ (https://████████.███.████████/) |
$750.0 |
17 |
[CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (██████) |
$750.0 |
18 |
[CVE-2018-0296] Cisco VPN path traversal on the https://████████/ (no hostname) |
$750.0 |
19 |
[CVE-2018-0296] Cisco VPN path traversal on the https://███ (████████████████) |
$750.0 |
20 |
CSRF to ATO at https://█████/user/account [HtUS] |
$500.0 |
21 |
Local File Read vulnerability on ██████████ [HtUS] |
$500.0 |
22 |
Critical sensitive information Disclosure. [HtUS] |
$500.0 |
23 |
IDOR leading unauthenticated attacker to download documents discloses PII of users and soldiers via https://www.█████████/Download.aspx?id= [HtUS] |
$500.0 |
24 |
[HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx |
$375.0 |
25 |
DNS Misconfiguration |
$0.0 |
26 |
Unrestricted File Upload |
$0.0 |
27 |
Reflected XSS in a Navy website |
$0.0 |
28 |
Server side information disclosure |
$0.0 |
29 |
Local File Inclusion vulnerability on an Army system allows downloading local files |
$0.0 |
30 |
XXE on DoD web server |
$0.0 |
31 |
Reflected XSS on a Navy website |
$0.0 |
32 |
RCE on a Department of Defense website |
$0.0 |
33 |
Unrestricted File Download / Path Traversal |
$0.0 |
34 |
SQL Injection vulnerability on a DoD website |
$0.0 |
35 |
XSS vulnerability on an Army website |
$0.0 |
36 |
Information leakage on a Department of Defense website |
$0.0 |
37 |
Reflected XSS on an Army website |
$0.0 |
38 |
DOM Based XSS on an Army website |
$0.0 |
39 |
Reflected XSS on a Department of Defense website |
$0.0 |
40 |
Reflected XSS on a Department of Defense website |
$0.0 |
41 |
Remote code execution on an Army website |
$0.0 |
42 |
Persistent XSS vulnerability on a DoD website |
$0.0 |
43 |
Open Redirect in a DoD website |
$0.0 |
44 |
Misconfigured password reset vulnerability on a DoD website |
$0.0 |
45 |
QuickTime Promotion on a DoD website |
$0.0 |
46 |
Exposed Access Control Data Backup Files on DoD Website |
$0.0 |
47 |
Privilege Escalation on a DoD Website |
$0.0 |
48 |
Authentication bypass vulnerability on a DoD website |
$0.0 |
49 |
Reflected XSS on a DoD website |
$0.0 |
50 |
Personal information disclosure on a DoD website |
$0.0 |
51 |
SQL injection vulnerability on a DoD website |
$0.0 |
52 |
XSS vulnerability on a DoD website |
$0.0 |
53 |
SQL injection vulnerability on a DoD website |
$0.0 |
54 |
Reflected XSS vulnerability on a DoD website |
$0.0 |
55 |
Cross-site request forgery vulnerability on a DoD website |
$0.0 |
56 |
Cross-site scripting vulnerability on a DoD website |
$0.0 |
57 |
Information disclosure on a DoD website |
$0.0 |
58 |
Cross-site scripting (XSS) vulnerability on a DoD website |
$0.0 |
59 |
Password reset vulnerability on a DoD website |
$0.0 |
60 |
Information disclosure on a DoD website |
$0.0 |
61 |
Remote command execution (RCE) vulnerability on a DoD website |
$0.0 |
62 |
Arbitrary Script Injection (Mail) in a DoD Website |
$0.0 |
63 |
Potentially sensitive information disclosure on a DoD website |
$0.0 |
64 |
Misconfigured user account settings on DoD website |
$0.0 |
65 |
Stored cross-site scripting (XSS) on a DoD website |
$0.0 |
66 |
HTML Injection/Load Images vulnerability on a DoD website |
$0.0 |
67 |
File upload vulnerability on a DoD website |
$0.0 |
68 |
Reflected cross-site scripting vulnerability on a DoD website |
$0.0 |
69 |
Cross-site scripting (XSS) vulnerability on a DoD website |
$0.0 |
70 |
Remote Command Execution on a DoD website |
$0.0 |
71 |
Bypass file access control vulnerability on a DoD website |
$0.0 |
72 |
Remote Code Execution (RCE) in a DoD website |
$0.0 |
73 |
Reflected XSS vulnerability in a DoD website |
$0.0 |
74 |
Local file inclusion vulnerability on a DoD website |
$0.0 |
75 |
Remote file inclusion vulnerability on a DoD website |
$0.0 |
76 |
Information disclosure vulnerability on a DoD website |
$0.0 |
77 |
HTML injection vulnerability on a DoD website |
$0.0 |
78 |
SQL injection vulnerability on a DoD website |
$0.0 |
79 |
Reflected XSS on a DoD website |
$0.0 |
80 |
XSS on a DoD website |
$0.0 |
81 |
Cross-Site Scripting (XSS) on a DoD website |
$0.0 |
82 |
Information disclosure vulnerability on a DoD website |
$0.0 |
83 |
Stored XSS vulnerability on a DoD website |
$0.0 |
84 |
Remote Code Execution (RCE) in a DoD website |
$0.0 |
85 |
Reflected XSS on a DoD website |
$0.0 |
86 |
SQL injection vulnerability on a DoD website |
$0.0 |
87 |
Insecure direct object reference vulnerability on a DoD website |
$0.0 |
88 |
Remote Code Execution (RCE) in a DoD website |
$0.0 |
89 |
Information disclosure vulnerability on a DoD website |
$0.0 |
90 |
Server side information disclosure on a DoD website |
$0.0 |
91 |
Reflected XSS on a DoD website |
$0.0 |
92 |
Reflected XSS on a DoD website |
$0.0 |
93 |
Reflected XSS on a DoD website |
$0.0 |
94 |
Reflected XSS on a DoD website |
$0.0 |
95 |
Remote Code Execution (RCE) in a DoD website |
$0.0 |
96 |
Blind SQLi in a DoD Website |
$0.0 |
97 |
Reflected XSS in a DoD Website |
$0.0 |
98 |
Reflected XSS on a DoD website |
$0.0 |
99 |
Reflected XSS on a DoD website |
$0.0 |
100 |
DOM Based XSS on a DoD website |
$0.0 |
101 |
Time Based SQL Injection vulnerability on a DoD website |
$0.0 |
102 |
Reflected XSS vulnerability on a DoD website |
$0.0 |
103 |
SQL injection vulnerability on a DoD website |
$0.0 |
104 |
Cross-site request forgery (CSRF) vulnerability on a DoD website |
$0.0 |
105 |
Reflected XSS vulnerability on a DoD website |
$0.0 |
106 |
Information disclosure vulnerability on a DoD website |
$0.0 |
107 |
Information disclosure vulnerability on a DoD website |
$0.0 |
108 |
Information disclosure vulnerability on a DoD website |
$0.0 |
109 |
Information disclosure vulnerability on a DoD website |
$0.0 |
110 |
Information disclosure vulnerability on a DoD website |
$0.0 |
111 |
Blind SQLi vulnerability in a DoD Website |
$0.0 |
112 |
Open redirect vulnerability in a DoD website |
$0.0 |
113 |
Cross-site request forgery (CSRF) vulnerability in a DoD website |
$0.0 |
114 |
Remote code execution vulnerability on a DoD website |
$0.0 |
115 |
Reflected XSS vulnerability on a DoD website |
$0.0 |
116 |
Information disclosure vulnerability in a DoD website |
$0.0 |
117 |
SQL Injection vulnerability in a DoD website |
$0.0 |
118 |
SQL Injection vulnerability in a DoD website |
$0.0 |
119 |
Remote code execution vulnerability on a DoD website |
$0.0 |
120 |
SQL injection vulnerability in a DoD website |
$0.0 |
121 |
Reflective XSS vulnerability on a DoD website |
$0.0 |
122 |
Information disclosure vulnerability on a DoD website |
$0.0 |
123 |
Reflected cross-site scripting (XSS) vulnerability on a DoD website |
$0.0 |
124 |
Stored cross site scripting (XSS) vulnerability on a DoD website |
$0.0 |
125 |
Default credentials on a DoD website |
$0.0 |
126 |
Server-side include injection vulnerability in a DoD website |
$0.0 |
127 |
Information disclosure on a DoD website |
$0.0 |
128 |
Remote code execution vulnerability on a DoD website |
$0.0 |
129 |
SQL injection vulnerability on a DoD website |
$0.0 |
130 |
Reflected XSS vulnerability on a DoD website |
$0.0 |
131 |
SQL Injection vulnerability in a DoD website |
$0.0 |
132 |
Arbitary file download vulnerability on a DoD website |
$0.0 |
133 |
SQL Injection vulnerability in a DoD website |
$0.0 |
134 |
Time Based SQL Injection vulnerability on a DoD website |
$0.0 |
135 |
Remote Code Execution (RCE) vulnerability in multiple DoD websites |
$0.0 |
136 |
Arbitary file download vulnerability on a DoD website |
$0.0 |
137 |
Arbitary file download vulnerability on a DoD website |
$0.0 |
138 |
Violation of secure design principles on a DoD website |
$0.0 |
139 |
Limited code execution vulnerability on a DoD website |
$0.0 |
140 |
Information disclosure vulnerability on a DoD website |
$0.0 |
141 |
Cross-site scripting (XSS) vulnerability on a DoD website |
$0.0 |
142 |
Information disclosure vulnerability on a DoD website |
$0.0 |
143 |
Remote code execution (RCE) in multiple DoD websites |
$0.0 |
144 |
Information disclosure vulnerability on a DoD website |
$0.0 |
145 |
Reflected XSS on a DoD website |
$0.0 |
146 |
Remote Code Execution (RCE) vulnerability in a DoD website |
$0.0 |
147 |
Cross-site scripting (XSS) vulnerability on a DoD website |
$0.0 |
148 |
SQL Injection vulnerability in a DoD website |
$0.0 |
149 |
SQL Injection vulnerability in a DoD website |
$0.0 |
150 |
Server Side Request Forgery (SSRF) vulnerability in a DoD website |
$0.0 |
151 |
Cross-site scripting (XSS) on a DoD website |
$0.0 |
152 |
Information disclosure vulnerability on a DoD website |
$0.0 |
153 |
Cross-site scripting (XSS) vulnerability on a DoD website |
$0.0 |
154 |
SQL Injection vulnerability in a DoD website |
$0.0 |
155 |
Insecure Direct Object Reference (IDOR) vulnerability in a DoD website |
$0.0 |
156 |
X-XSS-Protection -> Misconfiguration |
$0.0 |
157 |
Information Disclosure |
$0.0 |
158 |
SSRF+XSS |
$0.0 |
159 |
SQL injection |
$0.0 |
160 |
Remote Code Execution (RCE) in a DoD website |
$0.0 |
161 |
Remote Code Execution (RCE) in DoD Websites |
$0.0 |
162 |
Account takeover due to CSRF in "Account details" option on █████████ |
$0.0 |
163 |
SOAP WSDL Parser SQL Code Execution |
$0.0 |
164 |
[██████] Cross-origin resource sharing misconfiguration (CORS) |
$0.0 |
165 |
███████ Site Exposes █████████ forms |
$0.0 |
166 |
███ exposes sensitive shipment information to public web |
$0.0 |
167 |
Access to all █████████ files, including CAC authentication bypass |
$0.0 |
168 |
RCE on █████ via CVE-2017-10271 |
$0.0 |
169 |
Gateway information leakage |
$0.0 |
170 |
SQL Injection vulnerability located at ████████ |
$0.0 |
171 |
Trace.axd page leaks sensitive information |
$0.0 |
172 |
SQL Injection in ████ |
$0.0 |
173 |
SQL Injection in ████ |
$0.0 |
174 |
Root Remote Code Execution on https://███ |
$0.0 |
175 |
https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass |
$0.0 |
176 |
██████ Authenticated User Data Disclosure |
$0.0 |
177 |
[Critical] Possibility to takeover any user account #2 without interaction on the https://██████████ |
$0.0 |
178 |
LFI with potential to RCE on ██████ using CVE-2019-3396 |
$0.0 |
179 |
[Critical] Full local fylesystem access (LFI/LFD) as admin via Path Traversal in the misconfigured Java servlet on the https://███/ |
$0.0 |
180 |
SQL Injection in the get_publications.php on the https://█████ |
$0.0 |
181 |
SQL injection on the https://████/ |
$0.0 |
182 |
SQL injections |
$0.0 |
183 |
Remote Code Execution (RCE) in a DoD website |
$0.0 |
184 |
IDOR on DoD Website exposes FTP users and passes linked to all accounts! |
$0.0 |
185 |
XXE in DoD website that may lead to RCE |
$0.0 |
186 |
Path traversal on ████████ |
$0.0 |
187 |
[REMOTE] Full Account Takeover At https://██████████████/CAS/ |
$0.0 |
188 |
Remote OS command Execution in the 3 more Oracle Weblogic on the ████████, ████, ███████ [CVE-2017-10352] |
$0.0 |
189 |
Open FTP server on a DoD system |
$0.0 |
190 |
2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 |
$0.0 |
191 |
Online training material disclosing username and password |
$0.0 |
192 |
Request smuggling on ████████ |
$0.0 |
193 |
https://████████ Impacted by DNN ImageHandler SSRF |
$0.0 |
194 |
Admin panel take over | User info leakage | Mass Comprimise |
$0.0 |
195 |
SSRF on ████████ |
$0.0 |
196 |
SQL Injection on www.██████████ on countID parameter |
$0.0 |
197 |
████████ SQL |
$0.0 |
198 |
sql injection on /messagecenter/messagingcenter at https://www.███████/ |
$0.0 |
199 |
PII leakage due to caching of Order/Contract ID's on █████████ |
$0.0 |
200 |
Code reversion allowing SQLI again in ███████ |
$0.0 |
201 |
Remote Code Execution (RCE) in a DoD website |
$0.0 |
202 |
Remote Code Execution (RCE) in a DoD website |
$0.0 |
203 |
Remote Code Execution (RCE) in a DoD website |
$0.0 |
204 |
SSRF on █████████ Allowing internal server data access |
$0.0 |
205 |
Publicly accessible Order confirmations leaking User Emails on ███ |
$0.0 |
206 |
Blind SQL injection on ████████ |
$0.0 |
207 |
SQL injection on █████ due to tech.cfm |
$0.0 |
208 |
Information Disclosure (can access all ███s) within ███████ view █████████ Portal |
$0.0 |
209 |
Examples directory is PUBLIC on https://████████mil, leading to multiple vulns |
$0.0 |
210 |
RCE on https://█████/ Using CVE-2017-9248 |
$0.0 |
211 |
MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass |
$0.0 |
212 |
Partial SSN exposed through Presentation slides on ██████████ |
$0.0 |
213 |
PII leakage-Full SSN on ███ |
$0.0 |
214 |
Out-of-date Version (Apache) |
$0.0 |
215 |
Attackers can control which security questions they are presented (████████) |
$0.0 |
216 |
Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████ |
$0.0 |
217 |
Video player on ███ allows arbitrary remote videos to be played |
$0.0 |
218 |
SQL injection found in US Navy Website (http://███/) |
$0.0 |
219 |
Open FTP on ███ |
$0.0 |
220 |
HTML Injection on ████ |
$0.0 |
221 |
Critical information disclosure at https://█████████ |
$0.0 |
222 |
Illegal account registration in ████████ |
$0.0 |
223 |
Access to job creation web page on http://████████ |
$0.0 |
224 |
Content-Injection/XSS ████ |
$0.0 |
225 |
SSRF in ███████ |
$0.0 |
226 |
SQL injection on https://███████ |
$0.0 |
227 |
Default page exposes admin functions and all metods and classes available. on https://██████/█████/dwr/index.html |
$0.0 |
228 |
Multiple cryptographic vulnerabilities in login page on ███████ |
$0.0 |
229 |
Exposed ███████ Administrative Interface (ColdFusion 11) |
$0.0 |
230 |
Two Error-Based SQLi in courses.aspx on ██████████ |
$0.0 |
231 |
Insecure Direct Object Reference on in-scope .mil website |
$0.0 |
232 |
Sensitive Email disclosure Due to Insecure Reactivate Account field |
$0.0 |
233 |
Exposed FTP Credentials on ███████ |
$0.0 |
234 |
Admin Salt Leakage on DoD site. |
$0.0 |
235 |
Blind SQL Injection on DoD Site |
$0.0 |
236 |
CRLF Injection on ███████ |
$0.0 |
237 |
Able to view Backend Database dur to improper authentication |
$0.0 |
238 |
WebLogic Server Side Request Forgery |
$0.0 |
239 |
SharePoint exposed web services |
$0.0 |
240 |
SharePoint exposed web services |
$0.0 |
241 |
SSRF vulnerability on ██████████ leaks internal IP and various sensitive information |
$0.0 |
242 |
LDAP Injection at ██████ |
$0.0 |
243 |
Corda Server XSS ████████ |
$0.0 |
244 |
Partial PII leakage due to public set gitlab |
$0.0 |
245 |
█████ - DOM-based XSS |
$0.0 |
246 |
█████ - DOM-based XSS |
$0.0 |
247 |
Server-Side Request Forgery (SSRF) |
$0.0 |
248 |
XSS on www.██████ alerts and a number of other pages |
$0.0 |
249 |
[███] SQL injection & Reflected XSS |
$0.0 |
250 |
[█████] Get all tickets (IDOR) |
$0.0 |
251 |
[████████] Reflected XSS |
$0.0 |
252 |
Email PII disclosure due to Insecure Password Reset field |
$0.0 |
253 |
██████████ bruteforceable RIC Codes allowing information on contracts |
$0.0 |
254 |
[███████] Reflected GET XSS (/mission.php?...&missionDate=*) |
$0.0 |
255 |
[██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action |
$0.0 |
256 |
[████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) |
$0.0 |
257 |
[█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action |
$0.0 |
258 |
Pulse Secure File disclosure, clear text and potential RCE |
$0.0 |
259 |
[CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc |
$0.0 |
260 |
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ |
$0.0 |
261 |
PII leakage due to scrceenshot of health records |
$0.0 |
262 |
Information disclousure by clicking on the link shown in http://████████/ |
$0.0 |
263 |
[█████] — DOM-based XSS on endpoint /?s= |
$0.0 |
264 |
[Partial] SSN & [PII] exposed through iPERMs Presentation Slide. |
$0.0 |
265 |
http://████/data.json showing users sensitive information via json file |
$0.0 |
266 |
Public instance of Jenkins on https://██████████/ with /script enabled |
$0.0 |
267 |
Remote Code Execution via Insecure Deserialization in Telerik UI |
$0.0 |
268 |
Command Injection (via CVE-2019-11510 and CVE-2019-11539) |
$0.0 |
269 |
PII Leak via https://████████ |
$0.0 |
270 |
Remote Code Execution in ██████ |
$0.0 |
271 |
Sensitive Information Leaking Through DoD Owned Website. [██████████] |
$0.0 |
272 |
Unrestricted File Upload |
$0.0 |
273 |
████ █████ exposes highly sensitive information to public |
$0.0 |
274 |
█████ - Pre-generation of VIEWSTATE allows CAC bypass |
$0.0 |
275 |
█████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files |
$0.0 |
276 |
████ - Complete account takeover |
$0.0 |
277 |
Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) |
$0.0 |
278 |
SQL Injection in Login Page: https://█████/█████████/login.php |
$0.0 |
279 |
File Upload Restriction Bypass |
$0.0 |
280 |
[██████████] Unauthorized access to admin panel |
$0.0 |
281 |
Firewall rules for ████████ can be bypassed to leak site authors |
$0.0 |
282 |
[https://███] Local File Inclusion via graph.php |
$0.0 |
283 |
Internal IP Address Disclosed |
$0.0 |
284 |
SQL Injection - https://███/█████████/MSI.portal |
$0.0 |
285 |
Followup - SQL Injection - https://██████████/██████/MSI.portal |
$0.0 |
286 |
Reflected cross-site scripting vulnerability on a DoD website |
$0.0 |
287 |
Publicly accessible Grafana install allows pivoting to Prometheus datasource |
$0.0 |
288 |
idor on upload profile functionality |
$0.0 |
289 |
CORS Misconfiguration Leads to Exposing User Data |
$0.0 |
290 |
Bypassing CORS Misconfiguration Leads to Sensitive Exposure |
$0.0 |
291 |
Null byte Injection in https://████/ |
$0.0 |
292 |
Improper Neutralization of Input During Web Page Generation |
$0.0 |
293 |
Padding Oracle ms10-070 in the a DoD website (https://██████/) |
$0.0 |
294 |
Unencrypted __VIEWSTATE parameter in a DoD website |
$0.0 |
295 |
Admin Login Credential Leak for DoD Gitlab EE instance |
$0.0 |
296 |
Username&password is Disclosure in readme file in [https://█████████] |
$0.0 |
297 |
Application level DoS via xmlrpc.php |
$0.0 |
298 |
No ACL on S3 Bucket in [https://www.██████████/] |
$0.0 |
299 |
Sensitive Information Leaking Through DARPA Website. [█████████] |
$0.0 |
300 |
Sensitive Information Leaking Through Navy Website. [█████] |
$0.0 |
301 |
Domian Takeover in [███████] |
$0.0 |
302 |
[████████] — XSS on /███████_flight/images via advanced_val parameter |
$0.0 |
303 |
[██████████] — Directory traversal via /aerosol-bin/███████/display_directory_████_t.cgi |
$0.0 |
304 |
Stored Xss Vulnerability on ████████ |
$0.0 |
305 |
Full Account Take-Over of ████████ Members via IDOR |
$0.0 |
306 |
SSN leak due to editable slides |
$0.0 |
307 |
Remote Code Execution through DNN Cookie Deserialization |
$0.0 |
308 |
XSS Reflected |
$0.0 |
309 |
Self XSS combine CSRF at https://████████/index.php |
$0.0 |
310 |
No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service |
$0.0 |
311 |
[Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator |
$0.0 |
312 |
Unrestricted file upload leads to stored xss on https://████████/ |
$0.0 |
313 |
Previously Compromised PulseSSL VPN Hosts |
$0.0 |
314 |
Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform |
$0.0 |
315 |
Reflected XSS and HTML Injectionon a DoD website |
$0.0 |
316 |
Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE |
$0.0 |
317 |
CSRF - Modify Company Info |
$0.0 |
318 |
SSN is exposed on slides, previous critical report was not fixed in an appropriate way |
$0.0 |
319 |
Account takeover through CSRF in http://███████/██████████/default.asp |
$0.0 |
320 |
CSRF - Close Account |
$0.0 |
321 |
xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php |
$0.0 |
322 |
PII/PHI data available on web https://████████Portals/22/Documents/Meetings |
$0.0 |
323 |
SQL Injection in the move_papers.php on the https://██████████ |
$0.0 |
324 |
[█████████] Administrative access to Oracle WebLogic Server using default credentials |
$0.0 |
325 |
Stored XSS at ██████userprofile.aspx |
$0.0 |
326 |
Subdomain takeover of ████ |
$0.0 |
327 |
Unrestricted File Upload Leads to XSS & Potential RCE |
$0.0 |
328 |
CSRF Account Deletion on ███ Website |
$0.0 |
329 |
SharePoint Web Services Exposed to Anonymous Access Users |
$0.0 |
330 |
(CORS) Cross-origin resource sharing misconfiguration |
$0.0 |
331 |
Stored XSS on ████████helpdesk |
$0.0 |
332 |
HTML Injection leads to XSS on███ |
$0.0 |
333 |
RCE (Remote code execution) in one of DoD's websites |
$0.0 |
334 |
PulseSSL VPN Site with Compromised Creds @ ████ |
$0.0 |
335 |
Exposed Docker Registry at https://████ |
$0.0 |
336 |
Reflected XSS on https://███████/ |
$0.0 |
337 |
Reflected XSS on ███████ page |
$0.0 |
338 |
https://█████ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability |
$0.0 |
339 |
Path traversal on https://███ allows arbitrary file read (CVE-2020-3452) |
$0.0 |
340 |
Remote Code Execution via CVE-2019-18935 |
$0.0 |
341 |
Reflected XSS on ███████ |
$0.0 |
342 |
Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd |
$0.0 |
343 |
CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. |
$0.0 |
344 |
███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability |
$0.0 |
345 |
Remote Code Execution on █████████ |
$0.0 |
346 |
Сode injection host █████████ |
$0.0 |
347 |
Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ |
$0.0 |
348 |
Sensitive information about a ██████ |
$0.0 |
349 |
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion |
$0.0 |
350 |
Reflected Xss |
$0.0 |
351 |
Stored XSS via Comment Form at ████████ |
$0.0 |
352 |
SQLi in login form of █████ |
$0.0 |
353 |
Unauthenticated Arbitrary File Deletion ("CVE-2020-3187") in ████████ |
$0.0 |
354 |
IDOR to Account Takeover on https://████/index.html |
$0.0 |
355 |
Cross Site Scripting (XSS) – Reflected |
$0.0 |
356 |
Reflected XSS in https://www.█████/ |
$0.0 |
357 |
Reflected XSS in https://www.██████/ |
$0.0 |
358 |
DOM XSS on https://www.███████ |
$0.0 |
359 |
CSRF to account takeover in https://███████.mil/ |
$0.0 |
360 |
External Service Interaction | https://█████████.mil |
$0.0 |
361 |
[SQLI ]Time Bassed Injection at ██████████ via referer header |
$0.0 |
362 |
[██████████.mil] Cisco VPN Service Path Traversal |
$0.0 |
363 |
[CVE-2020-3452] Unauthenticated file read in Cisco ASA |
$0.0 |
364 |
Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179 |
$0.0 |
365 |
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD |
$0.0 |
366 |
[████] SQL Injections on Referer Header exploitable via Time-Based method |
$0.0 |
367 |
Reflected XSS in https://███████ via search parameter |
$0.0 |
368 |
Access to Unclassified / FOUO Advanced Motion Platform of █████████.mil |
$0.0 |
369 |
hardcoded password stored in javascript of https://████.mil |
$0.0 |
370 |
403 Forbidden Bypass at www.██████.mil |
$0.0 |
371 |
PII Leak (such as CAC User ID) at https://████████/pages/login.aspx |
$0.0 |
372 |
CSRF to account takeover in https://█████/ |
$0.0 |
373 |
IDOR + Account Takeover [UNAUTHENTICATED] |
$0.0 |
374 |
Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert |
$0.0 |
375 |
https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD |
$0.0 |
376 |
Unauthenticated Arbitrary File Deletion "CVE-2020-3187" in █████ |
$0.0 |
377 |
CORS misconfiguration which leads to the disclosure |
$0.0 |
378 |
XSS Reflect to POST █████ |
$0.0 |
379 |
[SQLI ]Time Bassed Injection at ██████████ via /██████/library.php?c=G14 parameter |
$0.0 |
380 |
{███} It is posible download all information and files via S3 Bucket Misconfiguration |
$0.0 |
381 |
Reflected XSS on https://████/ (Bypass of #1002977) |
$0.0 |
382 |
View another user information with IDOR vulnerability |
$0.0 |
383 |
Local File Inclusion In Registration Page |
$0.0 |
384 |
SharePoint Web Services Exposed to Anonymous Access |
$0.0 |
385 |
SharePoint Web Services Exposed to Anonymous Access |
$0.0 |
386 |
PII Leak of USCG Designated Examiner List at https://www.███ |
$0.0 |
387 |
CSRF to Stored HTML injection at https://www.█████ |
$0.0 |
388 |
Leaked DB credentials on https://██████████.mil/███ |
$0.0 |
389 |
Able to authenticate as administrator by navigating to https://█████/admin/ |
$0.0 |
390 |
PHP info page disclosure |
$0.0 |
391 |
Able to log in with default ██████g creds at https█████████████████████.mil |
$0.0 |
392 |
POST based RXSS on https://█████ via frm_email parameter |
$0.0 |
393 |
SSRF in login page using fetch API exposes victims IP address to attacker controled server |
$0.0 |
394 |
Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179 |
$0.0 |
395 |
Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179 |
$0.0 |
396 |
Apache solr RCE via velocity template |
$0.0 |
397 |
System Error Reveals Sensitive SQL Call Data |
$0.0 |
398 |
Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak |
$0.0 |
399 |
Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak |
$0.0 |
400 |
Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials |
$0.0 |
401 |
PII Information Leak at https://████████.mil/ |
$0.0 |
402 |
SQL Injection in www.██████████ |
$0.0 |
403 |
Reflected XSS on https://█████████html?url |
$0.0 |
404 |
Blind stored XSS due to insecure contact form at https://█████.mil leads to leakage of session token and |
$0.0 |
405 |
Full account takeover on https://████████.mil |
$0.0 |
406 |
███████mill is vulnerable to cross site request forgery that leads to full account take over. |
$0.0 |
407 |
Old Session Does Not Expires After Password Change |
$0.0 |
408 |
Reflected XSS www.█████ search form |
$0.0 |
409 |
Reflected XSS on https://█████████/ |
$0.0 |
410 |
Stored XSS at https://www.█████████.mil |
$0.0 |
411 |
Sensitive Information Leaking Through DoD Owned Website https://www.█████.mil |
$0.0 |
412 |
Reflected XSS In https://███████ |
$0.0 |
413 |
Insecure ███████ credentials on staging app at ████ leads to application takeover |
$0.0 |
414 |
Stored XSS via 64(?) vulnerable fields in ███ leads to credential theft/account takeover |
$0.0 |
415 |
PII Leak of ████████ Personal at https://www.█████████ |
$0.0 |
416 |
Register with non accepted email types on https://███████ |
$0.0 |
417 |
Bypassed a fix to gain access to PII of more than 100 Officers |
$0.0 |
418 |
CVE 2020 14179 on jira instance |
$0.0 |
419 |
Improper Access Controls Allow PII Leak via ████ |
$0.0 |
420 |
Second Order XSS via █████ |
$0.0 |
421 |
Knowledge Base Articles are Globally Modifiable via ██████ |
$0.0 |
422 |
Support incident can be opened for any user via /███████ and PII leak via █████████ field |
$0.0 |
423 |
Arbitrary file upload and stored XSS via ███ support request |
$0.0 |
424 |
Dashboard sharing enables code injection into ████ emails |
$0.0 |
425 |
PII Leak via /███████ |
$0.0 |
426 |
PII Leak via /████████ |
$0.0 |
427 |
PII Leak via /██████ |
$0.0 |
428 |
Access to requests and approvals via /█████ allows sensitive information gathering |
$0.0 |
429 |
Password Cracking - Weak Password Used to Secure ████ Containing a Plaintext Password |
$0.0 |
430 |
█████████ IDOR leads to disclosure of PHI/PII |
$0.0 |
431 |
HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC] |
$0.0 |
432 |
Information Disclosure(PHPINFO/Credentials) on DoD Asset |
$0.0 |
433 |
Blind Stored XSS on ███████ leads to takeover admin account |
$0.0 |
434 |
IDOR leads to Leakage an ██████████ Login Information |
$0.0 |
435 |
CRXDE Lite/CRX is on ██████ exposed that leads to PII disclosure |
$0.0 |
436 |
RXSS - https://███/ |
$0.0 |
437 |
Reflected XSS on https://█████ |
$0.0 |
438 |
Stored XSS through name / last name on https://██████████/ |
$0.0 |
439 |
Blind Stored XSS on https://█████████ after filling a request at https://█████ |
$0.0 |
440 |
param allows any external resource to be downloadable | https://████████ |
$0.0 |
441 |
reflected xss @ www.█████████ |
$0.0 |
442 |
critical information disclosure |
$0.0 |
443 |
critical information disclosure |
$0.0 |
444 |
[CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ |
$0.0 |
445 |
CSRF to Cross-site Scripting (XSS) |
$0.0 |
446 |
CSRF to Cross-site Scripting (XSS) |
$0.0 |
447 |
Blind Stored XSS Payload fired at the backend on https://█████████/ |
$0.0 |
448 |
Git repo on https://██████.mil/ discloses API password |
$0.0 |
449 |
Self XSS + CSRF Leads to Reflected XSS in https://████/ |
$0.0 |
450 |
Misconfigured AWS S3 bucket leaks senstive data such of admin, Prdouction,beta, localhost and many more directories.... |
$0.0 |
451 |
SSRF due to CVE-2021-26855 on ████████ |
$0.0 |
452 |
CVE-2021-26855 on ████████ resulting in SSRF |
$0.0 |
453 |
Unauth RCE on Jenkins Instance at https://█████████/ |
$0.0 |
454 |
Reflected XSS at https://████████/███/... |
$0.0 |
455 |
Reflected XSS on ███ |
$0.0 |
456 |
Read-only path traversal (CVE-2020-3452) at https://██████.mil |
$0.0 |
457 |
XML Injection on https://www.█████████ (███ parameter) |
$0.0 |
458 |
External Service Interaction (HTTP/DNS) on https://www.███ (██████████ parameter) |
$0.0 |
459 |
Improper Access Control - Generic on https://████ |
$0.0 |
460 |
Read-only path traversal (CVE-2020-3452) at https://█████ |
$0.0 |
461 |
Read-only path traversal (CVE-2020-3452) at https://████████ |
$0.0 |
462 |
Reflected XSS in https://██████████ via "████████" parameter |
$0.0 |
463 |
Reflected XSS on ███████ |
$0.0 |
464 |
Reflected XSS on █████████ |
$0.0 |
465 |
Password Reset link hijacking via Host Header Poisoning leads to account takeover |
$0.0 |
466 |
Website vulnerable to POODLE (SSLv3) with expired certificate |
$0.0 |
467 |
IDOR on https://██████ via POST UID enables database scraping |
$0.0 |
468 |
RCE in ██████ subdomain via CVE-2017-1000486 |
$0.0 |
469 |
Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site |
$0.0 |
470 |
CRLF INJECTION |
$0.0 |
471 |
PHP info page disclosure |
$0.0 |
472 |
████████ portal is open to enumeration once authenticated. Session IDs appear static. All PII available once a valid session ID is found. |
$0.0 |
473 |
Administration Authentication Bypass on https://█████ |
$0.0 |
474 |
HTTP Request Smuggling |
$0.0 |
475 |
CSRF in https://███ |
$0.0 |
476 |
IDOR at training.smartpay.gsa.gov/reports/quizzes-taken-by-user |
$0.0 |
477 |
TAMS registration details API for admins open at https://tamsapi.gsa.gov/user/tams/api/usermgmnt/pendingUserDetails/ |
$0.0 |
478 |
Members Personal Information Leak Due to IDOR |
$0.0 |
479 |
DOM Based XSS on https://████ via backURL param |
$0.0 |
480 |
Path Traversal - [ CVE-2020-3452 ] |
$0.0 |
481 |
https://████ is vulnerable to cve-2020-3452 |
$0.0 |
482 |
XSS via X-Forwarded-Host header |
$0.0 |
483 |
███ on https://████ enable ███ scraping, injection, stored XSS |
$0.0 |
484 |
Weak password policy leading to exposure of administrator account access |
$0.0 |
485 |
Reflected XSS on https://██████ |
$0.0 |
486 |
Reflected XSS through clickjacking at https://████ |
$0.0 |
487 |
Reflected XSS at www.███████ at /██████████ via the ████████ parameter |
$0.0 |
488 |
Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) |
$0.0 |
489 |
Web Cache Poisoning on █████ |
$0.0 |
490 |
Reflected XSS |
$0.0 |
491 |
Blind SQL Injection |
$0.0 |
492 |
CVE-2019-3403 on https://████/rest/api/2/user/picker?query= |
$0.0 |
493 |
Insufficient Session Expiration on Adobe Connect | https://█████████ |
$0.0 |
494 |
Elmah.axd is publicly accessible leaking Error Log |
$0.0 |
495 |
Default Admin Username and Password on █████ Server at █████████mil |
$0.0 |
496 |
XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil |
$0.0 |
497 |
Reflected XSS through ClickJacking |
$0.0 |
498 |
[█████████] Reflected Cross-Site Scripting Vulnerability |
$0.0 |
499 |
Unauthorized access to admin panel of the Questionmark Perception system at https://██████████ |
$0.0 |
500 |
[www.███] Reflected Cross-Site Scripting |
$0.0 |
501 |
CSRF Based XSS @ https://██████████ |
$0.0 |
502 |
Self stored Xss + Login Csrf |
$0.0 |
503 |
Reflected XSS at [████████] |
$0.0 |
504 |
IDOR while uploading ████ attachments at [█████████] |
$0.0 |
505 |
Cache Poisoning leading to Denial of Service on www.█████████ |
$0.0 |
506 |
Account takeover through multistage CSRF at https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer and ../AutoChoice/changePwOktaAnswer |
$0.0 |
507 |
SQLi on █████████ |
$0.0 |
508 |
Cross site scripting |
$0.0 |
509 |
xss reflected on https://███████- (███ parameters) |
$0.0 |
510 |
xss on https://███████(█████████ parameter) |
$0.0 |
511 |
XSS Reflected on https://███ (███ parameter) |
$0.0 |
512 |
Reflected XSS - https://███ |
$0.0 |
513 |
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) |
$0.0 |
514 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
515 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
516 |
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) |
$0.0 |
517 |
SQL injection my method -1 OR 321=6 AND 000159=000159 |
$0.0 |
518 |
All private support requests to ███████ are being disclosed at https://███████ |
$0.0 |
519 |
[CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol! |
$0.0 |
520 |
S3 bucket listing/download |
$0.0 |
521 |
XSS due to CVE-2020-3580 [███.mil] |
$0.0 |
522 |
CUI labeled and ████ and ██████ Restricted ██████ intelligence |
$0.0 |
523 |
XSS on ███ |
$0.0 |
524 |
[CVE-2021-29156] LDAP Injection at https://██████ |
$0.0 |
525 |
Sensitive information on '████████' |
$0.0 |
526 |
Sensitive information on ██████████ |
$0.0 |
527 |
https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability) |
$0.0 |
528 |
CUI labeled and ████ Restricted pdf on █████ |
$0.0 |
529 |
e-mail verification bypass through interception & modification of response status |
$0.0 |
530 |
Subdomain takeover of ███ |
$0.0 |
531 |
XSS due to CVE-2020-3580 [██████] |
$0.0 |
532 |
XSS due to CVE-2020-3580 [███] |
$0.0 |
533 |
Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179 |
$0.0 |
534 |
System Error Reveals SQL Information |
$0.0 |
535 |
SQL injection located in ███ in POST param ████████ |
$0.0 |
536 |
Information disclosure at '████████' --- CVE-2020-14179 |
$0.0 |
537 |
███████ - XSS - CVE-2020-3580 |
$0.0 |
538 |
Path Traversal on meetcqpub1.gsa.gov allows attackers to see arbitrary file listings. |
$0.0 |
539 |
Path traversal on [███] |
$0.0 |
540 |
POST based RXSS on https://███████/ via ███ parameter |
$0.0 |
541 |
Cache Poisoning leading to denial of service at █████████ - Bypass fix from report #1198434 |
$0.0 |
542 |
Subdomain takeover [████████] |
$0.0 |
543 |
DoD internal documents are leaked to the public |
$0.0 |
544 |
RXSS - ████ |
$0.0 |
545 |
RXSS - https://████████/ |
$0.0 |
546 |
RXSS Via URI Path - https://██████████/ |
$0.0 |
547 |
Reflected Xss https://██████/ |
$0.0 |
548 |
phpinfo() disclosure info |
$0.0 |
549 |
Reflected XSS at ████ via ██████████= parameter |
$0.0 |
550 |
AWS subdomain takeover of www.███████ |
$0.0 |
551 |
Web Cache Poisoning leading to DoS |
$0.0 |
552 |
Unauthorized access to employee panel with default credentials. |
$0.0 |
553 |
Expired SSL Certificate allows credentials steal |
$0.0 |
554 |
Unauthenticated Access to Admin Panel Functions at https://██████████/████████ |
$0.0 |
555 |
Unauthenticated Access to Admin Panel Functions at https://███████/███ |
$0.0 |
556 |
[Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users |
$0.0 |
557 |
Rxss on █████████ via logout?service=javascript:alert(1) |
$0.0 |
558 |
Log4Shell: RCE 0-day exploit on █████████ |
$0.0 |
559 |
Wrong settings in ADF Faces leads to information disclosure |
$0.0 |
560 |
XSS Reflected - ██████████ |
$0.0 |
561 |
Reflected XSS in https://███████ via hidden parameter "████████" |
$0.0 |
562 |
Reflected XSS on https://███/████ via hidden parameter "█████████" |
$0.0 |
563 |
██████████ running a vulnerable log4j |
$0.0 |
564 |
███ ████████ running a vulnerable log4j |
$0.0 |
565 |
[CVE-2020-3452] Unauthenticated file read in Cisco ASA |
$0.0 |
566 |
RXSS ON https://██████████ |
$0.0 |
567 |
Unauthorized access to PII leads to MASS account Takeover |
$0.0 |
568 |
default ████ creds on https://████████ |
$0.0 |
569 |
(CORS) Cross-origin resource sharing misconfiguration on https://█████████ |
$0.0 |
570 |
Reflected XSS at https://██████/██████████ via "████████" parameter |
$0.0 |
571 |
Reflected XSS at https://██████/██████ via "██████" parameter |
$0.0 |
572 |
Reflected XSS at https://██████████/████████ via "███████" parameter |
$0.0 |
573 |
Reflected XSS at https://█████ via "██████████" parameter |
$0.0 |
574 |
Reflected XSS at https://█████████ via "███" parameter |
$0.0 |
575 |
XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags |
$0.0 |
576 |
EC2 subdomain takeover at http://████████/ |
$0.0 |
577 |
CUI Labelled document out in the open |
$0.0 |
578 |
IDOR |
$0.0 |
579 |
Broken Authentication |
$0.0 |
580 |
Arbitrary File Read at ███ via filename parameter |
$0.0 |
581 |
IDOR at https://demo.sftool.gov/TwsHome/ScorecardManage/ via scorecard name |
$0.0 |
582 |
XSS because of Akamai ARL misconfiguration on ████ |
$0.0 |
583 |
CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████ |
$0.0 |
584 |
CSRF - Delete Account (Urgent) |
$0.0 |
585 |
IDOR - Delete Users Saved Projects |
$0.0 |
586 |
Reflected XSS - in Email Input |
$0.0 |
587 |
CSRF - Modify User Settings with one click - Account TakeOver |
$0.0 |
588 |
Arbitrary File Deletion (CVE-2020-3187) on ████████ |
$0.0 |
589 |
CVE-2020-3452 on https://█████/ |
$0.0 |
590 |
Military name, email, phone, address, certdata Disclosure |
$0.0 |
591 |
XSS Reflected - ███ |
$0.0 |
592 |
Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https://███/ |
$0.0 |
593 |
Open Akamai ARL XSS at ████████ |
$0.0 |
594 |
XSS on https://████/ via ███████ parameter |
$0.0 |
595 |
XSS on https://██████/███ via █████ parameter |
$0.0 |
596 |
XSS on https://███████/██████████ parameter |
$0.0 |
597 |
XSS on https://████████/████' parameter |
$0.0 |
598 |
SQL Injection in █████ |
$0.0 |
599 |
Cross-site Scripting (XSS) - Reflected at https://██████████/ |
$0.0 |
600 |
Authorization bypass -> IDOR -> PII Leakage |
$0.0 |
601 |
Broken access control, can lead to legitimate user data loss |
$0.0 |
602 |
username and password leaked via pptx for █████████ website |
$0.0 |
603 |
[CVE-2020-3452] on ███████ |
$0.0 |
604 |
[www.█████] Path-based reflected Cross Site Scripting |
$0.0 |
605 |
Reflected XSS on [█████████] |
$0.0 |
606 |
Account takeover leading to PII chained with stored XSS |
$0.0 |
607 |
CORS Misconfiguration |
$0.0 |
608 |
███ vulnerable to CVE-2022-22954 |
$0.0 |
609 |
Full account takeover in ███████ due to lack of rate limiting in forgot password |
$0.0 |
610 |
Open Akamai ARL XSS at ████████ |
$0.0 |
611 |
SQL INJECTION in https://████/██████████ |
$0.0 |
612 |
Blind SQL Injection |
$0.0 |
613 |
██████████ vulnerable to CVE-2022-22954 |
$0.0 |
614 |
SSRF due to CVE-2021-27905 in www.████████ |
$0.0 |
615 |
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████ |
$0.0 |
616 |
lfi in filePathDownload parameter via ███████ |
$0.0 |
617 |
Reflected XSS [███] |
$0.0 |
618 |
Reflected XSS [██████] |
$0.0 |
619 |
SQL Injection on █████ |
$0.0 |
620 |
SQL Injection on https://████████/ |
$0.0 |
621 |
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion |
$0.0 |
622 |
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion |
$0.0 |
623 |
[CVE-2020-3452] Unauthenticated file read in Cisco ASA |
$0.0 |
624 |
[CVE-2020-3452] Unauthenticated file read in Cisco ASA |
$0.0 |
625 |
Read Other Users Reports Through Cloning |
$0.0 |
626 |
[Urgent] Critical Vulnerability [RCE] on ███ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635 |
$0.0 |
627 |
Registered users contact information disclosure on salesforce lightning endpoint https://disposal.gsa.gov |
$0.0 |
628 |
RXSS on █████████ |
$0.0 |
629 |
Reflected XSS via ████████ parameter |
$0.0 |
630 |
Unauthorized Access to Internal Server Panel without Authentication |
$0.0 |
631 |
Subdomain takeover of █████████ |
$0.0 |
632 |
The dashboard is exposed in https://███ |
$0.0 |
633 |
XSS DUE TO CVE-2020-3580 |
$0.0 |
634 |
Access to administrative resources/account via path traversal |
$0.0 |
635 |
RXSS on ███████ |
$0.0 |
636 |
Stored XSS at https://█████ |
$0.0 |
637 |
██████_log4j - https://██████ |
$0.0 |
638 |
solr_log4j - http://██████████ |
$0.0 |
639 |
RXSS on █████████ |
$0.0 |
640 |
Reflected cross site scripting in https://███████ |
$0.0 |
641 |
Reflected Xss in [██████] |
$0.0 |
642 |
Reflected XSS [██████] |
$0.0 |
643 |
Directory Traversal at █████ |
$0.0 |
644 |
springboot actuator is leaking internals at ██████████ |
$0.0 |
645 |
XSS DUE TO CVE-2022-38463 in https://████████ |
$0.0 |
646 |
IDOR Lead To VIEW & DELETE & Create api_key [HtUS] |
$0.0 |
647 |
SSRF ACCESS AWS METADATA - █████ |
$0.0 |
648 |
Unprotected ██████ and Test site API Exposes Documents, Credentials, and Emails in ██████████ Proposal System |
$0.0 |
649 |
Full read SSRF at █████████ [HtUS] |
$0.0 |
650 |
an internal important paths disclosure [HtUS] |
$0.0 |
651 |
SQL injection at [https://█████████] [HtUS] |
$0.0 |
652 |
SQL injection at [█████████] [HtUS] |
$0.0 |
653 |
time based SQL injection at [https://███] [HtUS] |
$0.0 |
654 |
STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS] |
$0.0 |
655 |
[hta3] Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import |
$0.0 |
656 |
insecure gitlab repositories at ████████ [HtUS] |
$0.0 |
657 |
Account takeover on ███████ [HtUS] |
$0.0 |
658 |
IDOR leaking PII data via VendorId parameter |
$0.0 |
659 |
Account Takeover and Information update due to cross site request forgery via POST █████████/registration/my-account.cfm |
$0.0 |
660 |
Blind SSRF via image upload URL downloader on https://██████/ |
$0.0 |
661 |
Local file read at https://████/ [HtUS] |
$0.0 |
662 |
Broken access discloses users and PII at https://███████ [HtUS] |
$0.0 |
663 |
Found Origin IP's Lead To Access ████ |
$0.0 |
664 |
Authentication bypass leads to Information Disclosure at U.S Air Force "https://███" |
$0.0 |
665 |
Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS] |
$0.0 |
666 |
.git folder exposed [HtUS] |
$0.0 |
667 |
Unauthenticated SQL Injection at █████████ [HtUS] |
$0.0 |
668 |
Host Header Injection on https://███/████████/Account/ForgotPassword |
$0.0 |
669 |
User information disclosed via API |
$0.0 |
670 |
access nagios dashboard using default credentials in omon1.fpki.gov, 3.220.248.203 |
$0.0 |
671 |
Reflected XSS | https://████████ |
$0.0 |
672 |
Reflected XSS | https://████ |
$0.0 |
673 |
IDOR on ███████ [HtUS] |
$0.0 |
674 |
Open Redirect at █████ |
$0.0 |
675 |
XSS via Client Side Template Injection on www.███/News/Speeches |
$0.0 |
676 |
xss on reset password page |
$0.0 |
677 |
SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS] |
$0.0 |
678 |
Sql Injection At █████████ |
$0.0 |
679 |
stored cross site scripting in https://██████████ |
$0.0 |
680 |
stored cross site scripting in https://████ |
$0.0 |
681 |
stored cross site scripting in https://███████ |
$0.0 |
682 |
stored cross site scripting in https://██████████ |
$0.0 |
683 |
stored cross site scripting in https://███ |
$0.0 |
684 |
stored cross site scripting in https://█████████ |
$0.0 |
685 |
stored cross site scripting in https://███ |
$0.0 |
686 |
Unauthenticated phpinfo() files could lead to file read at █████████ [HtUS] |
$0.0 |
687 |
stored cross site scripting in https://███ |
$0.0 |
688 |
stored cross site scripting in https://███ |
$0.0 |
689 |
Reflected XSS |
$0.0 |
690 |
IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/ |
$0.0 |
691 |
XSS on ( █████████.gov ) Via URL path |
$0.0 |
692 |
reflected xss in www.████████.gov |
$0.0 |
693 |
Reflected XSS on ██████.mil |
$0.0 |
694 |
[U.S. Air Force] Information disclosure due to unauthenticated access to APIs and system browser functions |
$0.0 |
695 |
Splunk Sensitive Information Disclosure @████████ |
$0.0 |
696 |
xss and html injection on ( https://labs.history.state.gov) |
$0.0 |
697 |
Sensitive information disclosure [HtUS] |
$0.0 |
698 |
Authentication Bypass Using Default Credentials on █████ |
$0.0 |
699 |
Reflected XSS at ████████ |
$0.0 |
700 |
Upload and delete files in debug page without access control. |
$0.0 |
701 |
AWS Credentials Disclosure at ███ |
$0.0 |
702 |
Sensitive Data Exposure at https://█████████ |
$0.0 |
703 |
DoS at ████████ (CVE-2018-6389) |
$0.0 |
704 |
CORS Misconfiguration in https://████████/accounts/login/ |
$0.0 |
705 |
[XSS] Reflected XSS via POST request |
$0.0 |
706 |
Install.php File Exposure on Drupal |
$0.0 |
707 |
[█████] Bug Reports allow for Unrestricted File Upload |
$0.0 |
708 |
RXSS on https://travel.state.gov/content/travel/en/search.html |
$0.0 |
709 |
Reflected XSS in ██████████ |
$0.0 |
710 |
HAProxy stats panel exposed externally |
$0.0 |
711 |
Reflected XSS in ██████████ |
$0.0 |
712 |
Client side authentication leads to Auth Bypass |
$0.0 |
713 |
xmlrpc.php file enabled at ██████.org |
$0.0 |
714 |
Reflected XSS in ██████ |
$0.0 |
715 |
Path traversal leads to reading of local files on ███████ and ████ |
$0.0 |
716 |
Improper Access Control on Media Wiki allows attackers to restart installation on DoD asset |
$0.0 |
717 |
DoS at █████(CVE-2018-6389) |
$0.0 |
718 |
Bypassing Whitelist to perform SSRF for internal host scanning |
$0.0 |
719 |
Accessing unauthorized administration pages and seeing admin password - speakerkit.state.gov |
$0.0 |
720 |
IDOR in TalentMAP API can be abused to enumerate personal information of all the users |
$0.0 |
721 |
Unauthenticated Blind SSRF at https://█████ via xmlrpc.php file |
$0.0 |
722 |
WordPress application vulnerable to DoS attack via wp-cron.php |
$0.0 |
723 |
Email exploitation with web hosting services. |
$0.0 |
724 |
Reflected XSS in ████████████ |
$0.0 |
725 |
[HTA2] Authorization Bypass on https://██████ leaks confidential aircraft/missile information |
$0.0 |
726 |
Time Based SQL Injection |
$0.0 |
727 |
HTML INJECTION on coins.state.gov |
$0.0 |
728 |
LDAP anonymous access enabled at certrep.pki.state.gov:389 |
$0.0 |
729 |
Default Credentials on Kinetic Core System Console - https://█████/kinetic/app/ |
$0.0 |
730 |
Sensitive Data Exposure via wp-config.php file |
$0.0 |
731 |
AEM misconfiguration leads to Information disclosure |
$0.0 |
732 |
LDAP Server NULL Bind Connection Information Disclosure |
$0.0 |
733 |
[hta3] Remote Code Execution on ████ |
$0.0 |
734 |
[HTA2] XXE on https://███ via SpellCheck Endpoint. |
$0.0 |
735 |
XSS in ServiceNow logout https://████:443 |
$0.0 |
736 |
CSRF to delete accounts [HtUS] |
$0.0 |
737 |
Exposed GIT repo on ██████████ [HtUS] |
$0.0 |
738 |
Impact of Using the PHP Function "phpinfo()" on System Security - PHP info page disclosure |
$0.0 |
739 |
Leaks of username and password leads to CVE-2018-18862 exploitation |
$0.0 |
740 |
DOM-XSS |
$0.0 |
741 |
Reflected xss on https://█████████ |
$0.0 |
742 |
CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman |
$0.0 |
743 |
Docker Registry without authentication leads to docker images download |
$0.0 |
744 |
External service interaction ( DNS and HTTP ) in www.████████ |
$0.0 |
745 |
Blind Sql Injection https://████████ |
$0.0 |
746 |
Adobe ColdFusion - Access Control Bypass [CVE-2023-38205] at ██████ |
$0.0 |
747 |
SqlInject at ██████ |
$0.0 |
748 |
LDAP Anonymous Login enabled in ████ |
$0.0 |
749 |
Blind Sql Injection in https://████████/ |
$0.0 |
750 |
Blind Sql Injection in https://█████/qsSearch.aspx |
$0.0 |
751 |
XSS Reflected |
$0.0 |
752 |
stored cross site scripting in https://████████.edu |
$0.0 |
753 |
CVE-2023-24488 xss on https://██████/ |
$0.0 |
754 |
[██████] Reflected XSS via Keycloak on ██████ |
$0.0 |
755 |
Reflected XSS at https://██████/ |
$0.0 |
756 |
authentication bypass |
$0.0 |
757 |
[█████████] Information disclosure due to unauthenticated access to APIs and system browser functions |
$0.0 |
758 |
Information Disclosure FrontPage Configuration Information |
$0.0 |
759 |
User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx |
$0.0 |
760 |
[███████] Information disclosure due to unauthenticated access to APIs and system browser functions |
$0.0 |
761 |
Unauthenticated file read (CVE-2020-3452) |
$0.0 |
762 |
XSS in Cisco Endpoint |
$0.0 |
763 |
Full account takeover of any user through reset password |
$0.0 |
764 |
Elasticsearch is currently open without authentication on https://██████l |
$0.0 |
765 |
Adobe ColdFusion Access Control Bypass - CVE-2023-38205 |
$0.0 |
766 |
Unauthenticated File Read Adobe ColdFusion |
$0.0 |
767 |
Unauthorized access to Argo dashboard on █████ |
$0.0 |
768 |
Default Admin Username and Password on ███ |
$0.0 |
769 |
[████████] RXSS via "CurrentFolder" parameter |
$0.0 |
770 |
RCE via File Upload with a Null Byte Truncated File Extension at https://██████/ |
$0.0 |
771 |
IDOR to delete profile images in https://███████ |
$0.0 |
772 |
RCE on ███████ [CVE-2021-26084] |
$0.0 |
773 |
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) |
$0.0 |
774 |
RCE in ███ [CVE-2021-26084] |
$0.0 |
775 |
Unauthenticated Jenkins instance exposed information related to █████ |
$0.0 |
776 |
Time based SQL injection at ████████ |
$0.0 |
777 |
DBMS information getting exposed publicly on -- [ ██████████ ] |
$0.0 |
778 |
Reflective Cross Site Scripting (XSS) on ███████/Pages |
$0.0 |
779 |
Full Access to sonarQube and Docker |
$0.0 |
780 |
Resource Injection - [████████] |
$0.0 |
781 |
XSS parameter: Username - █████████ |
$0.0 |
782 |
Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████] |
$0.0 |
783 |
Xss Parameter: //[*]/.css ████████ |
$0.0 |
784 |
Xss - ███ |
$0.0 |
785 |
Improper Authentication (Login without Registration with any user) at ████ |
$0.0 |
786 |
███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions |
$0.0 |
787 |
SQL injection on ██████████ via 'where' parameter |
$0.0 |
788 |
Reflected XSS via Moodle on ███ [CVE-2022-35653] |
$0.0 |
789 |
Reflected XSS on error message on Login Page |
$0.0 |
790 |
Reflected Cross-site Scripting via search query on ██████ |
$0.0 |
791 |
reflected xss [CVE-2020-3580] |
$0.0 |
792 |
Reflected XSS via Keycloak on ███ [CVE-2021-20323] |
$0.0 |
793 |
CVE-2021-39226 Discovered on endpoint https://██████/api/snapshots |
$0.0 |
794 |
Subdomain Takeover via Host Header Injection on www.█████ |
$0.0 |
795 |
Out-Of-Bounds Memory Read on ███ |
$0.0 |
796 |
Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak |
$0.0 |
797 |
Subdomain takeover ████████.mil |
$0.0 |
798 |
CVE-2023-26347 in https://████.mil/hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true |
$0.0 |
799 |
HTML Injection into https://www.██████.mil |
$0.0 |
800 |
Self XSS |
$0.0 |
801 |
Unauth IDOR to mass account takeover without user interaction on the ███████ (https://███████.edu/) |
$0.0 |
802 |
Authentication bypass and potential RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials |
$0.0 |
803 |
XXE with RCE potential on the https://█████████ (CVE-2017-3548) |
$0.0 |
804 |
Unauthenticated access to internal API at ██████████.███.edu [HtUS] |
$0.0 |
805 |
Unauthenticated arbitrary file upload on the https://█████/ (█████.mil) |
$0.0 |
806 |
Missing Access Control Allows for User Creation and Privilege Escalation |
$0.0 |
807 |
Restrict any user from Login to their account |
$0.0 |
808 |
Email Takeover leads to permanent account deletion |
$0.0 |
809 |
XML External Entity (XXE) Injection |
$0.0 |
810 |
Local File Inclusion in download.php |
$0.0 |
811 |
Endpoint Redirects to Admin Page and Provides Admin role |
$0.0 |
812 |
Automatic Admin Access |
$0.0 |
813 |
IDOR : Modify other users demographic details |
$0.0 |
814 |
IDOR leads to view other user Biographical details (Possible PII LEAK) |
$0.0 |
815 |
IDOR leads to PII Leak |
$0.0 |
816 |
Authentication Bypass on https://███████/ |
$0.0 |
817 |
Subdomain takeover ██████ |
$0.0 |
818 |
█████████ (Android): Vulnerable to Javascript Injection and Open redirect |
$0.0 |
819 |
Open Akamai ARL XSS on http://media.████████ |
$0.0 |
820 |
Open Akamai ARL XSS on http://master-config-████████ |
$0.0 |
821 |
Unauthenticated arbitrary file upload on the https://█████/ (█████████) |
$0.0 |
822 |
Blind Stored XSS on the internal host - █████████████ |
$0.0 |
823 |
DoD workstation exposed to internet via TinyPilot KVM with no authentication |
$0.0 |
824 |
Course Registration Form Allowing an attacker to dump all the candidate names who had enrolled for the course |
$0.0 |
825 |
Cross Site Scripting |
$0.0 |
826 |
XSS on ███████ |
$0.0 |
827 |
XSS found for https://█████████ |
$0.0 |
828 |
Blind Sql Injection in https://████ |
$0.0 |