Vulnerability Disclosure

Vulnerabilities discovered and disclosed by Aura Information Security.

Aura’s vulnerability disclosure policy can be found here.

| Name & Description | Publish Date | Vendor & Product | Affected Versions |
| --- | --- | --- | --- |
| Papercut - Authenticated Arbitrary File Download (Path Traversal) | 14 August 2023 | Papercut - Papercut MF/NG | < 22.1.1 |
| Extreme Networks/Aerohive Unauthenticated RCE | 12 July 2023 | Extreme Networks IQ Engine/Aerohive HiveOS | < 10.6r2 |
| Pentaho Business Analytics Server | 4 April 2023 | Hitachi Vantara - Pentaho Business Analytics Server | 9.4.0.1 and 9.3.0.2, including 8.3.x |
| Adobe ColdFusion - Path Traversal Vulnerability | 24 September 2019 | Adobe - ColdFusion | < 2018 Update 4 and < 2016 Update 11 |
| Sitecore CRM 8.1 - Authenticated vulnerabilities within Sitecore permit arbitrary file upload and download | 19 May 2017 | Sitecore - Sitecore | 8.1 Rev 151207 |
| VMware Horizon DaaS - Insecure data validation during RDP file creation allows an attacker to manipulate client users into connecting to a malicious server | 10 March 2017 | VMware - Horizon DaaS Platform | 6.1.x |
| SageCRM - A SQL injection and an arbitrary file upload vulnerability allow authenticated attackers to obtain access to the underlying database or obtain remote code execution | 24 January 2017 | Sage - SageCRM | 7.0.e and later |