Lucene search
K

164 matches found

Hacker One
Hacker One
added 2020/07/08 2:5 p.m.154 views

U.S. Dept Of Defense: Subdomain takeover due to an unclaimed Amazon S3 bucket on ███

Summary: An unclaimed Amazon S3 bucket on █████████ gives an attacker the possibility to gain full control over this subdomain. Description: ███████ pointed to an S3 bucket that did no longer exists. The bucket points to an Amazon S3 website bucket in the US East region. I claimed this bucket and...

6.4AI score
Exploits0
ThreatPost
ThreatPost
added 2020/06/30 1:48 p.m.196 views

CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug

The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. The...

9.3CVSS0.8AI score0.0552EPSS
Exploits2References9
Hacker One
Hacker One
added 2020/06/18 3:44 p.m.18 views

U.S. Dept Of Defense: Stored XSS on ████████helpdesk

A Department of DefenseDoD asset was vulnerable to Stored XSS due to a file upload feature. This may have led to Local File Inclusion. The DoD Representatives were responsive and thorough when handling my report. A Department of DefenseDoD asset was vulnerable to Stored XSS due to a file upload...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2020/06/08 5:5 p.m.10 views

U.S. Dept Of Defense: Sensitive information about a ██████

Summary: https://████████/ is an U.S. Government USG Information System IS that is provided for USG-authorized use only.Due to some reason a document which contains the information about a special ███ for the ████ █████ which possibly is ███████or █████.The pdf file is located at...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2020/05/27 2:45 p.m.16 views

U.S. Dept Of Defense: Information Disclosure(PHPINFO/Credentials) on DoD Asset

Summary: A DoD leaks credentials on a phpinfo page. Description: https://███ publicly displays a phpinfo page that leaks system information and credentials. Impact The impact is medium not only due to information leakage of numerous different details such as system information but also the leakag...

Exploits0
Hacker One
Hacker One
added 2020/05/15 10:1 a.m.146 views

U.S. Dept Of Defense: RCE (Remote code execution) in one of DoD's websites

Summary: The targeted website is vulnerable to CVE-2017-1000486, by only running command was whoami to prove that the RCE exist has been run successfully on the target Description: The target uses a vulnerable version of primefaces : Primetek Primefaces 5.x, that is vulnerable to a weak encryptio...

7.5CVSS3AI score0.94104EPSS
Exploits6
Schneier on Security
Schneier on Security
added 2020/04/17 3:35 p.m.27 views

The DoD Isn't Fixing Its Security Problems

It has produced several reports outlining what's wrong and what needs to be fixed. It's not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and...

0.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/04/10 10:16 p.m.74 views

Clearing the clouds: Comparing CMMC to other frameworks

These days, I spend a lot of time talking to our cloud-based clients about Cybersecurity Maturity Model Certification CMMC: what it is, why its important, and how they can prepare. As one of the leading cybersecurity consulting firms and third-party assessment organizations 3PAO, Coalfires client...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2020/02/27 3:26 p.m.14 views

U.S. Dept Of Defense: Sensitive Information Leaking Through DoD Owned Website. [██████████]

Summary While performing recon work on websites owned by DoD i came up with ██████████ website which is leaking sensitive information. Description The above website is leaking information such as- first name and last name, email address, phone number, house address and organization name of...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2020/02/19 4:44 p.m.43 views

U.S. Dept Of Defense: Admin Login Credential Leak for DoD Gitlab EE instance

Summary A DoD employee/contractor exposed the ███ password in a GitHub repository █████████ leading to full ███ access in a DoD DISA-associated private Gitlab EE instance ███. Description The IP address ████ recently hosted the subdomain █████████ as of 2019-09-23. ██████ Now port 80 points to a...

7.8AI score
Exploits0
Hacker One
Hacker One
added 2020/02/14 2:36 a.m.14 views

U.S. Dept Of Defense: [Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator

Summary: Hello. Due to insufficient access controls and poor implementation of the registration at https://████████/████/login.cfm it was possible to register while privilege escalating to an administrator. Description: It was possible to tamper with the registration request at...

0.5AI score
Exploits0
CERT
CERT
added 2019/12/19 12:0 a.m.58 views

Telos Automated Message Handling System contains multiple vulnerabilities

Overview Telos Automated Message Handling System AMHS contains multiple XSS vulnerabilities and a database information disclosure vulnerability. Description Telos AMHS is a web-based messaging system that supports DoD and Intelligence Community IC security marking requirements. AMHS versions prio...

6.3AI score
Exploits0References2
NVD
NVD
added 2019/11/26 12:15 a.m.18 views

CVE-2011-3596

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request...

7.5CVSS7.5AI score0.11055EPSS
Exploits0References4
Cvelist
Cvelist
added 2019/11/25 11:53 p.m.27 views

CVE-2011-3596

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request...

7.4AI score0.11055EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2019/11/25 11:53 p.m.38 views

CVE-2011-3596

Removed by vendor...

7.5CVSS7.5AI score0.11055EPSS
Exploits0
CVE
CVE
added 2019/11/25 11:53 p.m.67 views

CVE-2011-3596

Polipo is affected: versions prior to 1.0.4.1 suffer a DoD vulnerability triggered by specially-crafted HTTP POST/PUT requests. The available connected sources reiterate the issue but do not provide product-specific exploit details beyond the general impact described. Remediation/version guidance...

7.5CVSS7.3AI score0.11055EPSS
Exploits0References4Affected Software1
CISA
CISA
added 2019/10/31 12:0 a.m.7 views

North Korean Malicious Cyber Activity

The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Department of Defense DoD have identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the...

6.8AI score
Exploits0References2
Hacker One
Hacker One
added 2019/10/10 5:47 a.m.32 views

U.S. Dept Of Defense: Remote Code Execution in ██████

The vulnerability you reported has been resolved and this report is now closed. If you have any further questions or disagree that the report is resolved, please let us know. Thank you for your time and effort to improve the security of the DoD information network. Thanks @s3cr3tsdn for reporting...

6.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2019/10/03 10:19 p.m.54 views

What Is the DoD’s New Cybersecurity Maturity Model Certification, and What Does It Mean for Defense Contractors?

Citing the threat of compromise of Controlled Unclassified Information CUI within the defense industrial base DIB, along with the high cost of cyber breaches in general, the Office of the Assistant Secretary of Defense for Acquisition has initiated a program for rating the cybersecurity maturity ...

2.6AI score
Exploits0
Hacker One
Hacker One
added 2019/08/31 1:28 a.m.10 views

U.S. Dept Of Defense: Unauth IDOR to mass account takeover without user interaction on the ███████ (https://███████.edu/)

The vulnerability discovered was an Insecure Direct Object Reference IDOR that allowed for mass account takeover without user interaction on the ███████ https://███████.edu/ website. The vulnerability was found in the /chkUser.aspx endpoint, which was vulnerable to IDOR. The numeric user ID...

7.3AI score
Exploits0
Rows per page
Query Builder