All the vulnerabilities related to mylittletools - mylittleadmin
jvndb-2012-000087
Vulnerability from jvndb
Published
2012-09-20 12:33
Modified
2012-09-20 12:33
Summary
myLittleAdmin for SQL Server 2000 vulnerable to arbitrary script execution
Details
myLittleAdmin for SQL Server 2000 contains a vulnerability that may allow arbitrary script execution.
myLittleAdmin for SQL Server 2000 from myLittleTools is web-based database management software. The management screen in myLittleAdmin for SQL Server 2000 contains a vulnerability that may allow arbitrary script execution.
maka666 reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
References
Impacted products
Vendor | Product |
---|---|---|
myLittleTools | myLittleAdmin |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000087.html", "dc:date": "2012-09-20T12:33+09:00", "dcterms:issued": "2012-09-20T12:33+09:00", "dcterms:modified": "2012-09-20T12:33+09:00", "description": "myLittleAdmin for SQL Server 2000 contains a vulnerability that may allow arbitrary script execution.\r\n\r\nmyLittleAdmin for SQL server 2000 from myLittleTools is a web-based database management software.The management screen in myLittleAdmin for SQL server 2000 contains a vulnerability that may allow arbitrary script execution.\r\n\r\nmaka666 reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000087.html", "sec:cpe": { "#text": "cpe:/a:mylittletools:mylittleadmin", "@product": "myLittleAdmin", "@vendor": "myLittleTools", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000087", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN56373673/index.html", "@id": "JVN#56373673", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4015", "@id": "CVE-2012-4015", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4015", "@id": "CVE-2012-4015", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "myLittleAdmin for SQL Server 2000 vulnerable to arbitrary script execution" }
Vulnerability from fkie_nvd
Published
2012-09-25 11:07
Modified
2024-11-21 01:42
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mylittletools | mylittleadmin | 1.2.a | |
mylittletools | mylittleadmin | 1.2.b | |
mylittletools | mylittleadmin | 1.5.a | |
mylittletools | mylittleadmin | 2.0 | |
mylittletools | mylittleadmin | 2.5 | |
mylittletools | mylittleadmin | 2.7 | |
microsoft | sql_server | 2000 | |
microsoft | sql_server | 2000 | |
microsoft | sql_server | 2000 | |
microsoft | sql_server | 2000 | |
microsoft | sql_server | 2000 | |
microsoft | sql_server | 2000 | |
microsoft | sql_server | 2000 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mylittletools:mylittleadmin:1.2.a:-:sqlserver2000:*:*:*:*:*", "matchCriteriaId": "BD9E89C2-BB69-402D-BAC5-A66CDC64816A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mylittletools:mylittleadmin:1.2.b:-:sqlserver2000:*:*:*:*:*", "matchCriteriaId": "0939B68B-A098-4A27-84C5-D93F8411DB65", "vulnerable": true }, { "criteria": "cpe:2.3:a:mylittletools:mylittleadmin:1.5.a:-:sqlserver2000:*:*:*:*:*", "matchCriteriaId": "FD8D45E1-77A1-4DAE-A2C1-74FE6212C941", "vulnerable": true }, { "criteria": "cpe:2.3:a:mylittletools:mylittleadmin:2.0:-:sqlserver2000:*:*:*:*:*", "matchCriteriaId": "8CEC6A6B-31B9-481F-99B4-AAD545FACA7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mylittletools:mylittleadmin:2.5:-:sqlserver2000:*:*:*:*:*", "matchCriteriaId": "B6CBB212-3AE4-4D53-A932-1D785C7F23FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mylittletools:mylittleadmin:2.7:-:sqlserver2000:*:*:*:*:*", "matchCriteriaId": "BC4E4EB6-702B-4973-B28B-8265C5DC8320", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*", "matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2000:gold:*:*:*:*:*:*", "matchCriteriaId": "0288AFA1-CA4F-4DA0-9C22-6F2237B984DF", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*", "matchCriteriaId": "4A74EBC1-FD61-4DD1-AC8A-E4B0F333A980", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*", "matchCriteriaId": "4BC2A389-68BF-45B1-833D-96B331844424", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp3:*:*:*:*:*:*", "matchCriteriaId": "4E3ED68C-FBA1-45D8-8A26-BD327DDA2DA8", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp3a:*:*:*:*:*:*", "matchCriteriaId": "557136FE-E5D5-467E-96ED-4C45682DA767", 
"vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*", "matchCriteriaId": "A7A5116E-BD37-4539-B815-F1B70EC4D45D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la pantalla de gesti\u00f3n de myLittleTools myLittleAdmin para SQL Server 2000, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores que disparan una entrada manipulada en la base de datos." } ], "id": "CVE-2012-4015", "lastModified": "2024-11-21T01:42:02.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-25T11:07:47.847", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN56373673/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN56373673/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000087" } ], 
"sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-19 20:15
Modified
2024-11-21 05:00
Severity ?
Summary
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/157808/Plesk-myLittleAdmin-ViewState-.NET-Deserialization.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/157808/Plesk-myLittleAdmin-ViewState-.NET-Deserialization.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/ | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mylittletools | mylittleadmin | 3.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mylittletools:mylittleadmin:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B77DE62E-39E3-4E03-871A-940BA8119425", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers\u0027 installations) in web.config, and can be used to send serialized ASP code." }, { "lang": "es", "value": "La herramienta de administraci\u00f3n en MyLittleAdmin versi\u00f3n 3.8, permite a atacantes remotos ejecutar c\u00f3digo arbitrario porque machineKey est\u00e1 embebida (lo mismo para todas las instalaciones de los clientes) en web.config, y puede ser usado para enviar c\u00f3digo ASP serializado." } ], "id": "CVE-2020-13166", "lastModified": "2024-11-21T05:00:47.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2020-05-19T20:15:10.087", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/157808/Plesk-myLittleAdmin-ViewState-.NET-Deserialization.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/157808/Plesk-myLittleAdmin-ViewState-.NET-Deserialization.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2020-13166
Vulnerability from cvelistv5
Published
2020-05-19 19:29
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
References
URL | Tags |
---|---|---|
https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/ | x_refsource_MISC | |
http://packetstormsecurity.com/files/157808/Plesk-myLittleAdmin-ViewState-.NET-Deserialization.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:19.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/157808/Plesk-myLittleAdmin-ViewState-.NET-Deserialization.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers\u0027 installations) in web.config, and can be used to send serialized ASP code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-22T20:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/157808/Plesk-myLittleAdmin-ViewState-.NET-Deserialization.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded 
(the same for all customers\u0027 installations) in web.config, and can be used to send serialized ASP code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/", "refsource": "MISC", "url": "https://ssd-disclosure.com/ssd-advisory-mylittleadmin-preauth-rce/" }, { "name": "http://packetstormsecurity.com/files/157808/Plesk-myLittleAdmin-ViewState-.NET-Deserialization.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157808/Plesk-myLittleAdmin-ViewState-.NET-Deserialization.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13166", "datePublished": "2020-05-19T19:29:59", "dateReserved": "2020-05-19T00:00:00", "dateUpdated": "2024-08-04T12:11:19.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4015
Vulnerability from cvelistv5
Published
2012-09-25 10:00
Modified
2024-09-17 02:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry.
References
URL | Tags |
---|---|---|
http://jvn.jp/en/jp/JVN56373673/index.html | third-party-advisory, x_refsource_JVN | |
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000087 | third-party-advisory, x_refsource_JVNDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:21:04.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#56373673", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN56373673/index.html" }, { "name": "JVNDB-2012-000087", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000087" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-25T10:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#56373673", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN56373673/index.html" }, { "name": "JVNDB-2012-000087", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000087" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2012-4015", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the management screen in 
myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#56373673", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN56373673/index.html" }, { "name": "JVNDB-2012-000087", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000087" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2012-4015", "datePublished": "2012-09-25T10:00:00Z", "dateReserved": "2012-07-12T00:00:00Z", "dateUpdated": "2024-09-17T02:57:56.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }