Vulnerabilities discovered and disclosed by the technical team at Aura Information Security.
|Name and Description||CVE(s)||Publish Date||Vendor and Product||Affected Versions|
SageCRM - SQL Injection, Arbitrary File Upload
A SQL injection and an arbitrary file upload vulnerability allow authenticated attackers to obtain access to the underlying database or obtain remote code execution.
|CVE-2017-5219, CVE-2017-5218||January 24 2017||Sage - SageCRM||7.0.e and later|
VMware Horizon DaaS - Improper IP Address Validation
Insecure data validation during RDP file creation allows an attacker to manipulate client users into connecting to a malicious server.
|VMSA-2017-0002, CVE-2017-4897||March 10 2017||VMware - Horizon Daas Platform||6.1.x|
Sitecore CRM 8.1
Authenticated vulnerabilities within Sitecore permit arbitary file upload and download.
|CVE-2017-5965, CVE-2017-5966||May 19 2017||Sitecore - Sitecore||8.1 Rev 151207|