Sylvain THUAL

5 exploits Active since Mar 2008
CVE-2008-1461 EXPLOITDB c WORKING POC
XnView 1.92.1 - Buffer Overflow via Long Filename Argument
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.
CVE-2008-2995 EXPLOITDB text WRITEUP
PHPEasyData 1.5.4 - SQL Injection via Annuaire Parameter or Admin Login Username
Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php.
CVE-2008-2994 EXPLOITDB text WRITEUP
PHPEasyData 1.5.4 - Cross-Site Scripting via Annuaire Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and the (2) by and (3) cat_id parameters to annuaire.php.
CVE-2008-2995 EXPLOITDB text WORKING POC
PHPEasyData 1.5.4 - SQL Injection via Annuaire Parameter or Admin Login Username
Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php.
CVE-2008-2994 EXPLOITDB text WRITEUP
PHPEasyData 1.5.4 - Cross-Site Scripting via Annuaire Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and the (2) by and (3) cat_id parameters to annuaire.php.