CVSS: 9.8EPSS: 64%CPEs: 1EXPL: 4CVE-2020-13166 – Plesk/myLittleAdmin ViewState .NET Deserialization
https://notcve.org/view.php?id=CVE-2020-13166
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code. La herramienta de administración en MyLittleAdmin versión 3.8, permite a atacantes remotos ejecutar código arbitrario porque machineKey está embebida (lo mismo para todas las instalaciones de los clientes) en web.config, y puede ser usado para enviar código ASP serializado. • https://www.exploit-db.com/exploits/48513 http://packetstormsecurity.com/files/157808/Plesk-myLittleAdmin-ViewState-.NET-Deserialization.html https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce https://portswigger.net/daily-swig/mylittleadmin-has-a-big-unpatched-security-flaw https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/plesk_mylittleadmin_viewstate.rb • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2012-4015
https://notcve.org/view.php?id=CVE-2012-4015
Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la pantalla de gestión de myLittleTools myLittleAdmin para SQL Server 2000, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que disparan una entrada manipulada en la base de datos. • http://jvn.jp/en/jp/JVN56373673/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000087 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •