U.S. Dept Of Defense: Limited code execution vulnerability on a DoD website
A DoD website was misconfigured in a manner that could have allowed an attacker to execute some malicious code. @sp1d3rs was able to demonstrate this vulnerability by crafting a specially formatted URL. Thank you for notifying us of this vulnerability! This bug was an interesting one. I will writ...
U.S. Dept Of Defense: Information disclosure vulnerability on a DoD website
A Department of Defense website was misconfigured in a manner that could have exposed sensitive information. Thank you @sp1d3rs for notifying us of this! It was a trivial Full Path Disclosure issue, but still worth reporting...
U.S. Dept Of Defense: HTML Injection/Load Images vulnerability on a DoD website
A Department of Defense website was misconfigured in a manner that may have allowed a malicious user to inject remote content into a website. @jonbottarini was able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @jonbottarini!...
U.S. Dept Of Defense: Unrestricted File Download / Path Traversal
A misconfigured USTRANSCOM website allowed arbitrary system files to be downloaded. ziot was able to demonstrate this vulnerability by downloading a file from a specially crafted URL. Thanks ziot!...