Thanks for all the posts everyone, this really helps

Negative: I dont work for the company that has the problem. Maybe vulnerable wasnt the right word to use. There is a webserver that has some tools that I dont think they thought people would find, if that isnt worded too awkwardely. But everything is public, so i didnt have to break into anything to get there.