VMware fixes command injection, file upload flaws in Carbon Black security tool