This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.
>> ARCHIVE: 2016-05
http://dutai.go.th/by.htm notified by GeNErAL
PowerFolder Server 10.4.321 – Remote Code Execution
Oracle ATS Arbitrary File Upload
Ubiquiti airOS Arbitrary File Upload
http://www.piangluang.go.th/by.htm notified by GeNErAL
http://www.pth.go.th/by.htm notified by GeNErAL
An independent vulnerability laboratory researcher discovered an application-side cross site scripting vulnerability in the Teampass v2.1.25/26 application.
Postfix Admin version 2.93 suffers from a cross site request forgery vulnerability.
Collectd-Web version 0.4.0 suffers from a cross site scripting vulnerability.