Lucene search
+L

368 matches found

Krebs on Security
Krebs on Security
added 2022/02/10 1:34 a.m.19 views

Russian Govt. Continues Carding Shop Crackdown

Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown -- the second closure of major card fraud shops by Russian authorities in as many weeks -- comes closely behind Russias arrest of 14 alleged...

7AI score
Exploits0
Hacker One
Hacker One
added 2022/01/21 4:38 p.m.30 views

U.S. Dept Of Defense: Reflected XSS at https://█████ via "██████████" parameter

There is Reflected Cross site scripting issue at the following url: https://█████ Proof Of Concept https://████████?█████=%22onfocus%3d%22alertdocument.domain%22autofocus%3d%22&█████████████████████=Search ████ Best Regards @pelegn Impact Cookies Exfiltration SOAP Bypass CORS Bypass Executing...

1.1AI score
Exploits0
Hacker One
Hacker One
added 2022/01/20 2:5 p.m.46 views

U.S. Dept Of Defense: Arbitrary File Deletion (CVE-2020-3187) on ████████

Hello team, I hope you're doing well, healthy & wealthy. I found an Arbitrary File Deletion CVE-2020-3187 vulnerability on https://██████████/+CSCOE+/sessionpassword.html that allows the Arbitrary File Deletion. References - https://twitter.com/aboul3la/status/1286809567989575685 -...

7.5CVSS0.7AI score0.96595EPSS
Exploits4
Hacker One
Hacker One
added 2021/12/16 6:32 p.m.495 views

U.S. Dept Of Defense: Log4Shell: RCE 0-day exploit on █████████

Hi team, log4 shell is recent 0-day exploit it's Java package vulnerable. ██████████ domain is vulnerable Impact RCE System Hosts █████████ Affected Products and Versions CVE Numbers CVE-2021-44228 Steps to Reproduce 1. Go to this url =...

9.3CVSS0.7AI score0.99999EPSS
Exploits355
Hacker One
Hacker One
added 2021/12/10 2:36 p.m.25 views

U.S. Dept Of Defense: Wrong settings in ADF Faces leads to information disclosure

Hello, Team. Found some interesting links which leads to information disclosure in █████ Link 1: █████████████ Link 2: ██████████████████ Link 3: █████████████ Every link goes through https://██████to https://████ For Link 3 is possible to change data in the fields: First Name, Last Name, Phone...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2021/10/15 6:15 a.m.20 views

U.S. Dept Of Defense: Cross-site Scripting (XSS) - Reflected at https://██████████/

Hello Team, i just found a reflected xss bug on your web https://█████ Step To reproduce: poc url: https://████/7/0/33/1d/www.citysearch.com/search?what=x&where=place%22%3E%3Csvg+onload=confirmdocument.domain%3E Impact Impact Data can be stolen, or Javascript can be executed.This is will allow th...

7AI score
Exploits0
Hacker One
Hacker One
added 2021/09/02 5:49 a.m.46 views

U.S. Dept Of Defense: RCE in ███ [CVE-2021-26084]

A vulnerability in affected versions of Confluence Server and Data Center allowed authenticated users, and in some cases unauthenticated users, to execute arbitrary code. The vulnerability was due to an OGNL injection issue affecting endpoints that could be accessed by non-administrators when use...

9.8CVSS10AI score0.99999EPSS
Exploits45
Hacker One
Hacker One
added 2021/08/31 9:38 p.m.12 views

U.S. Dept Of Defense: Access to admininstrative resources/account via path traversal

Description: A user can login as an administrator without the need of an ██████████ account, or an authenticated user can access and manipulate administrative resources without needing to login as an administrator. An ████████ ███████ account is required. References Impact Exfiltration of sensiti...

1.8AI score
Exploits0
Hacker One
Hacker One
added 2021/08/23 11:47 p.m.26 views

U.S. Dept Of Defense: Open Akamai ARL XSS at ████████

Summary There is Open Akamai ARL XSS at ████ Proof-of-Concept https://█████████/7/0/33/1d/www.citysearch.com/search?what=Binit&where=Binit%22%3E%3Cimg%20src%3Dbinit%20onerror%3Dalert%28document.domain%29%3E References: - https://github.com/war-and-code/akamai-arl-hack -...

1.6AI score
Exploits0
Hacker One
Hacker One
added 2021/08/23 11:42 p.m.14 views

U.S. Dept Of Defense: Open Akamai ARL XSS at ████████

Summary There is Open Akamai ARL XSS at ████████ Proof-of-Concept http://████/7/0/33/1d/www.citysearch.com/search?what=Binit&where=Binit%22%3E%3Cimg%20src%3Dbinit%20onerror%3Dalert%28document.domain%29%3E References: - https://github.com/war-and-code/akamai-arl-hack -...

1.4AI score
Exploits0
Hacker One
Hacker One
added 2021/08/22 7:0 p.m.13 views

U.S. Dept Of Defense: Open Akamai ARL XSS on http://master-config-████████

The Open Akamai ARL on http://master-config-████████ was found to be vulnerable to a Reflected Cross Site Scripting XSS vulnerability. The vulnerability was discovered in the "what" and "where" parameters of the search functionality. The vulnerability allowed the execution of arbitrary JavaScript...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2021/08/22 6:54 p.m.22 views

U.S. Dept Of Defense: Open Akamai ARL XSS on http://media.████████

The Reflected Cross-site Scripting XSS vulnerability was discovered on the http://media.████ website. The vulnerability allowed the execution of arbitrary JavaScript code by injecting it into the vulnerable URL parameter. The vulnerability was found to be present in the Akamai ARL Adaptive Delive...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2021/08/14 4:28 p.m.20 views

U.S. Dept Of Defense: Reflected XSS at ████ via ██████████= parameter

Hi I found that this endpoint is vulnerable with Reflected XSS, The ███= parameter is vulnerable with RXSS PoC: ██████████?████████=%253Cimg/src/onerror=alertdocument.domain%253E Payload: Regards Impact RXSS System Hosts www.███ Affected Products and Versions CVE Numbers Steps to Reproduce...

3.8AI score
Exploits0
OSV
OSV
added 2021/08/12 10:15 p.m.4 views

CVE-2021-28890

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the 1 compId parameter to fast/sys/user/list, 2 deptId parameter to fast/sys/role/list, or 3 roleId parameter to fast/sys/role/authUser/list, related to the use of $ to join SQL statements...

9.8CVSS5.9AI score0.0134EPSS
Exploits1References1
Hacker One
Hacker One
added 2021/08/09 4:26 p.m.14 views

U.S. Dept Of Defense: EC2 subdomain takeover at http://████████/

There is a dangling DNS A record that points to an EC2 instance that no longer exists, I was able to claim the EC2 instance and host content on http://███████/. Steps To Reproduce: 1. Visit http://█████████/██████████.html and view the PoC: ██████ Suggested Remediation Steps Remove the A record...

1.2AI score
Exploits0
Hacker One
Hacker One
added 2021/07/26 2:28 p.m.101 views

U.S. Dept Of Defense: [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!

Description: https://████████ is vulnerable to CVE-2021-29156. References https://nvd.nist.gov/vuln/detail/CVE-2021-29156 https://portswigger.net/research/hidden-oauth-attack-vectors...

5CVSS0.8AI score0.76385EPSS
Exploits5
Hacker One
Hacker One
added 2021/07/13 6:6 p.m.81 views

U.S. Dept Of Defense: Reflected XSS - https://███

Greetings, I just found an XSS vulnerability on a page of one of your websites URL : https://████=%22%3E%3Cscript%3Ealert1%3C/script%3E https://███="alert1 By the way, could you look at my "duplicated" report when it is not? I don't mean any disrespect, but this is not the same page. thank you -...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2021/07/06 9:32 a.m.60 views

U.S. Dept Of Defense: XSS on ███

Hi , I found XSS on ██████████ IP Enumeration ████ go to https://███/+CSCOE+/logon.html?a0=15&a1=&a2=&a3=1 intercept the request by burp suite and send it to repeater then edit the request to be like this GET /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1 Host: ██████████ User-Agent: Mozilla/5.0 Windows ...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2021/07/06 6:57 a.m.16 views

U.S. Dept Of Defense: XSS on https://███████/██████████ parameter

PoC https://███████/███ Pameter 'xxslots' must be invalid Payload xss%22%20tabindex%3d1%20autofocus%20onfocus%3d%22alert ███████ Impact XSS on https://███████/ System Hosts ██████████ Affected Products and Versions CVE Numbers Steps to Reproduce Go to XSS on https://██████/██████████ Suggested...

1.1AI score
Exploits0
Hacker One
Hacker One
added 2021/07/05 7:32 p.m.13 views

U.S. Dept Of Defense: XSS on https://████████/████' parameter

PoC https://█████/██████████ ███████ Impact XSS on https://████/ System Hosts ███ Affected Products and Versions CVE Numbers Steps to Reproduce Got to https://██████/███ Suggested Mitigation/Remediation Actions...

1.5AI score
Exploits0
Rows per page
Query Builder