Vulnerabilities discovered and disclosed by the technical team at Aura Information Security.
Name and Description | CVE(s) | Publish Date | Vendor and Product | Affected Versions
---|---|---|---|---
SageCRM - SQL Injection, Arbitrary File Upload: A SQL injection and an arbitrary file upload vulnerability allow authenticated attackers to obtain access to the underlying database or obtain remote code execution. | CVE-2017-5219, CVE-2017-5218 | January 24 2017 | Sage - SageCRM | 7.0.e and later
VMware Horizon DaaS - Improper IP Address Validation: Insecure data validation during RDP file creation allows an attacker to manipulate client users into connecting to a malicious server. | VMSA-2017-0002, CVE-2017-4897 | March 10 2017 | VMware - Horizon DaaS Platform | 6.1.x
Sitecore CRM 8.1: Authenticated vulnerabilities within Sitecore permit arbitrary file upload and download. | CVE-2017-5965, CVE-2017-5966 | May 19 2017 | Sitecore - Sitecore | 8.1 Rev 151207