9sg

4 exploits Active since Feb 2012
CVE-2011-10028 EXPLOITDB HIGH text WORKING POC
RealArcade 2.6.0.445 ActiveX - Exec Method Command Execution
The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks' platform, GameHouse.
EIP-2026-119006 EXPLOITDB text WORKING POC
Oracle AutoVue 20.0.1 AutoVueX - ActiveX Control SaveViewStateToFile
EIP-2026-119083 EXPLOITDB text WORKING POC
RealNetworks RealGames StubbyUtil.ShellCtl.1 - ActiveX Control Multiple Remote Command Executions
CVE-2012-1196 EXPLOITDB text WORKING POC
Lenovo ThinkManagement Console 9.0.3 - Path Traversal and Arbitrary File Deletion via VulCore Web Service
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.