Shennan Wang

2 exploits Active since Apr 2008
CVE-2008-1898 EXPLOITDB html WORKING POC
Microsoft Office and Works - Remote Code Execution via WkImgSrv.dll WksPictureInterface Property
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
CVE-2008-4932 EXPLOITDB text WORKING POC
U-Mail Webmail Server 4.91 - Arbitrary File Write via Filesystem Module Path Parameter
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.