PT-2026-20513

Name of the Vulnerable Software and Affected Versions MajorDoMo versions affected versions not specified Description MajorDoMo contains a stored cross-site scripting XSS issue through the /objects/?op=set API endpoint. This endpoint is intentionally unauthenticated for integration with IoT device...

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...

CVE-2025-42988

Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no...

SAP Business Objects Business Intelligence Platform 代码问题漏洞

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A code issue vulnerability exists in SAP Business Objects Business...

CVE-2024-41737

SAP CRM ABAP Insights Management allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application...

CVE-2024-34689

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...

CVE-2024-39598

SAP CRM WebClient UI Framework allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the applicati...

CVE-2024-39598 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)

SAP CRM WebClient UI Framework allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the applicati...

PT-2024-28549 · Sap · Sap Crm

Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI Framework affected versions not specified Description: The issue allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests, potentially resulting i...

FastFinder - Incident Response - Fast Suspicious File Finder

FastFinder is a lightweight tool made for threat hunting, live forensics and triage on both Windows and Linux Platforms. It is focused on endpoint enumeration and suspicious file finding based on various criterias: file path / name md5 / sha1 / sha256 checksum simple string content match complex...

Zeus-Scanner - Advanced Reconnaissance Utility

Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple...

JBoss Web Services Endpoint Enumeration

JBossWS, a framework similar to JAX-WS for making Java EE web services, is listening on the remote host and lists its registered endpoints. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid66189; scriptversion"1.3";...