VYPR
Vendor

Larry Garfield

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2021-32933CriApr 1, 2022
    risk 0.65cvss 10.0epss 0.01

    An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process.

  • CVE-2021-32953CriApr 1, 2022
    risk 0.64cvss 9.8epss 0.01

    An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.

  • CVE-2021-32957HigApr 1, 2022
    risk 0.49cvss 7.5epss 0.01

    A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the…

  • CVE-2021-32949HigApr 1, 2022
    risk 0.49cvss 7.5epss 0.01

    An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file.

  • CVE-2021-32945HigApr 1, 2022
    risk 0.49cvss 7.5epss 0.00

    An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06.

  • CVE-2021-32937HigApr 1, 2022
    risk 0.49cvss 7.5epss 0.01

    An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and…

  • CVE-2012-2097Aug 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving "submitting saved results to a node."