6 matches found
CVE-2006-4887
Apple Remote Desktop (ARD) for macOS X 10.2.8 and later does not drop privileges on the remote machine during installation of certain applications, allowing local users to bypass authentication and gain privileges by selecting the installation icon. Root cause: failure to drop privileges during r...
CVE-2013-5229
CVE-2013-5229 concerns the Remote Desktop full-screen feature on Apple OS X versions earlier than 10.9 and Apple Remote Desktop older than 3.7. When waking from sleep during a live remote connection, the host dialog box text is sent to the connected remote host instead of the local machine, allow...
CVE-2004-0962
Apple Remote Desktop Client 1.2.4 is affected: when launched by an Apple Remote Desktop Administrator, it can run a GUI application as root, enabling remote authenticated users to execute arbitrary code with loginwindow active via Fast User Switching. This is corroborated by Red Hat and CVE datab...
CVE-2013-5135
CVE-2013-5135 targets Apple Mac OS X prior to 10.9 and Apple Remote Desktop prior to 3.5.4. The issue is a format string vulnerability in Screen Sharing Server that permits remote code execution via format string specifiers in a VNC username. Impact is remote execution of arbitrary code with netw...
CVE-2013-5136
CVE-2013-5136 affects Apple Remote Desktop prior to 3.7. The vulnerability arises because it does not properly use server authentication-type information when deciding to show an unencrypted-connection warning, allowing remote attackers to potentially obtain sensitive information by sniffing the ...
CVE-2012-0681
Apple Remote Desktop (ARD) before version 3.6.1 is vulnerable to information disclosure when connecting to third‑party VNC servers with the Encrypt all network data setting enabled. The underlying issue is ARD not encrypting VNC traffic or warning the user, allowing an attacker to sniff cleartext...