Lucene search
K

33 matches found

Hacker One
Hacker One
added 2022/08/05 2:10 p.m.18 views

U.S. Dept Of Defense: stored cross site scripting in https://█████████

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 q21677 Impact Cookie Stealing - A malicious user can steal cookies and use them to gai...

0.9AI score
Exploits0
Hacker One
Hacker One
added 2022/08/02 12:0 p.m.13 views

U.S. Dept Of Defense: stored cross site scripting in https://███

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 q21655 Impact Cookie Stealing - A malicious user can steal cookies and use them to gai...

0.9AI score
Exploits0
Hacker One
Hacker One
added 2022/04/29 11:0 p.m.425 views

U.S. Dept Of Defense: CVE-2020-3187 - Unauthenticated Arbitrary File Deletion

A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted...

7.5CVSS0.8AI score0.96595EPSS
Exploits4
Hacker One
Hacker One
added 2022/01/20 2:5 p.m.46 views

U.S. Dept Of Defense: Arbitrary File Deletion (CVE-2020-3187) on ████████

Hello team, I hope you're doing well, healthy & wealthy. I found an Arbitrary File Deletion CVE-2020-3187 vulnerability on https://██████████/+CSCOE+/sessionpassword.html that allows the Arbitrary File Deletion. References - https://twitter.com/aboul3la/status/1286809567989575685 -...

7.5CVSS0.7AI score0.96595EPSS
Exploits4
Hacker One
Hacker One
added 2021/12/11 12:16 a.m.152 views

U.S. Dept Of Defense: ██████████ running a vulnerable log4j

Description: https://vulners.com/cve/CVE-2021-44228 Impact Probably arbitrary code execution System Hosts ████████ Affected Products and Versions CVE Numbers CVE-2021-44228 Steps to Reproduce 1. Browse to https://████████/███████https%3A%2F%2F█████████%2F 2. Enter a...

9.3CVSS1AI score0.99999EPSS
Exploits354
Hacker One
Hacker One
added 2021/12/10 2:36 p.m.24 views

U.S. Dept Of Defense: Wrong settings in ADF Faces leads to information disclosure

Hello, Team. Found some interesting links which leads to information disclosure in █████ Link 1: █████████████ Link 2: ██████████████████ Link 3: █████████████ Every link goes through https://██████to https://████ For Link 3 is possible to change data in the fields: First Name, Last Name, Phone...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2021/11/21 8:11 p.m.43 views

U.S. Dept Of Defense: Rxss on █████████ via logout?service=javascript:alert(1)

Description: I found open redirect and xss Rxss at the ██████████ logout page, https://████/██████████/logout?service=https://google.com It also allows javascript URIs, leading to Xss Impact Attacker can trick users to visit malicious websites or can lead to phishing and many other type of attack...

7AI score
Exploits0
Hacker One
Hacker One
added 2021/11/08 9:24 p.m.92 views

U.S. Dept Of Defense: Unauthenticated Access to Admin Panel Functions at https://██████████/████████

Description: I discovered that the admin panel at https://████/█████ and all its functions can be accessed without authentication. Impact An attacker is able to use the administrative functions in order to upload, delete or modify files. System Hosts ████████ Affected Products and Versions ██████...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2021/08/29 2:50 p.m.50 views

U.S. Dept Of Defense: Cache Posioning leading to denial of service at `█████████` - Bypass fix from report #1198434

Vulnerability Cache Posioning CPDoS Cache Posioning Denial Of Service CPDoS 1 is taking advantage of 301 redirects by storing an false value of either domain, port or header that effect the response in any way. This makes the cache server store the false value and later delivery it to all users...

7AI score
Exploits0
Hacker One
Hacker One
added 2021/05/14 4:39 a.m.26 views

U.S. Dept Of Defense: IDOR while uploading ████ attachments at [█████████]

Description: There is an IDOR vulnerability in uploading attachments to the ████ section where an attacker can upload attachments in other user's █████████ if there is no attachment uploaded by a user. If this vulnerability will be used with a Race condition, it can allow an attacker to upload...

1.1AI score
Exploits0
Hacker One
Hacker One
added 2021/04/05 8:56 p.m.12 views

U.S. Dept Of Defense: XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil

Greetings, I found on one of your sites an XML Injection + External service Interaction DNS/HTTP Link of the vulnerable file : https://█████.mil/██████████ Payload XML Injection : fkp please change the link of burp collaborator and + URL encode the payload How to reproduce █████ I cut the video...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2021/03/31 11:39 p.m.25 views

U.S. Dept Of Defense: xss reflected on https://███████- (███ parameters)

Greetings, i've found an xss on█████████████████ parameters link : █████████████████ Payload : "/alert1; vulnerable parameters █████████ ████ ████ Impact A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2021/02/04 8:54 p.m.23 views

U.S. Dept Of Defense: Reflected XSS in https://██████████ via "████████" parameter

Hello Security Team, I would like to report the XSS vulnerability on your system. The ██████████ parameter is not escaped properly for URL encoded values. ██████ Impact An XSS attack allows an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user...

1.3AI score
Exploits0
Rows per page
Query Builder