Vulnerabilities discovered and disclosed by Aura Information Security.
|Name & Description||CVE(s)||Publish Date||Vendor & Product||Affected Versions|
|Adobe ColdFusion - Path Traversal Vulnerability||CVE-2019-8074||24 September 2019||Adobe - ColdFusion||2018 Update 4 and earlier versions, 2016 Update 11 and earlier versions|
|Sitecore CRM 8.1 - Authenticated vulnerabilities within Sitecore permit arbitary file upload and download||CVE-2017-5965, CVE-2017-5966||19 May 2017||Sitecore - Sitecore||8.1 Rev 151207|
|VMware Horizon DaaS - Insecure data validation during RDP file creation allows an attacker to manipulate client users into connecting to a malicious server||VMSA-2017-0002, CVE-2017-4897||10 March 2017||VMware - Horizon Daas Platform||6.1.x|
|SageCRM - A SQL injection and an arbitrary file upload vulnerability allow authenticated attackers to obtain access to the underlying database or obtain remote code execution||CVE-2017-5219, CVE-2017-5218||24 January 2017||Sage - SageCRM||7.0.e and later|