Fixed a code execution security issue -- authenticated users have the ability to upload files to the VSA server as required to distribute software and other files, however, in some cases, authenticated users have the ability to execute certain files on the VSA server. File uploads now have additional restricted privileges to prevent execution. (PT-516/SDP-3847)
Fixed an authentication bypass security issue -- authenticated users with knowledge of the underlying system have the ability to manipulate inputs to view machines that they are not allowed to view within their VSA scope. (PT-509/APPF-2576)
Fixed an arbitrary file read security issue -- authenticated users with knowledge of the underlying VSA system have the ability to download files from the VSA or remote computers whose files have been synced to the VSA. (PT-510/SDP-2047) (PT-511/SDP-2641) (PT-512/SDP-2640) (PT-513/SDP-2639)
Fixed a potential SQL injection flaw in the VSA web GUI which can only be accessed by authenticated administrators. (PT-515/APPF-2964)
