Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-4887

EPSS 0.09% · P25
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-4887

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apple 远程桌面本地认证绕过漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apple远程桌面(ARD)是专为Mac OS X设计的远程桌面管理系统。 ARD允许从管理工作站远程发送UNIX命令。由于ARD管理员可能给予了sudo访问,因此远程发送的命令可能以root用户权限运行。 LoginWindow进程属于已登录的用户。如果系统位于登录窗口的话,则LoginWindow进程就会属于root。如果系统加载了只有root可见的磁盘镜像的话,该镜像就会试图显现在桌面上,点击鼠标会强制显示桌面及菜单,然后物理访问该系统的用户就可以看到一个查找器窗口,以及root用户的主目录。用户可
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-4887

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-4887

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-09-19 · 62 CVEs total

CVE-2006-4876Jupiter CMS 多个SQL注入漏洞
CVE-2006-4891Techno Dreams Articles & Papers Package 'ArticlesTableview.asp'SQL注入漏洞
CVE-2006-4894iDevSpot NixieAffiliate 'forms/lostpassword.php'跨站脚本攻击漏洞
CVE-2006-4893phpBB XS 输入验证漏洞
CVE-2006-4892Techno Dreams FAQ Manager Package'faqview.asp'SQL注入漏洞
CVE-2006-4881David Bennett PHP-Post 多个跨站脚本攻击漏洞
CVE-2006-4880PHP-Post 多个敏感信息泄露漏洞
CVE-2006-4879David Bennett PHP-Post 'profile.php' SQL注入漏洞
CVE-2006-4878David Bennett PHP-Post 'footer.php'目录遍历漏洞
CVE-2006-4877David Bennett PHP-Post (PHPp) 变量覆盖漏洞
CVE-2006-4882Julian Roberts Charon Cart 'Review.asp'SQL注入漏洞
CVE-2006-4875Jupiter CMS '/galleryuploadfunction.php'未指定文件上传漏洞
CVE-2006-4874Jupiter CMS 多个跨站脚本攻击漏洞
CVE-2006-4873Jupiter CMS 敏感信息泄露漏洞
CVE-2006-4872Keyvan1 ECardPro 2'search.asp'SQL注入漏洞
CVE-2006-4871Keyvan1 EShoppingPro 'search_run.asp'SQL注入漏洞
CVE-2006-4338GNU Gzip 拒绝服务或执行任意代码漏洞
CVE-2006-4337GNU GZip文档处理多个安全漏洞
CVE-2006-4336GNU GZip拒绝服务或执行任意代码漏洞
CVE-2006-4335GNU GZip拒绝服务或执行任意代码漏洞

Showing top 20 of 62 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-4887

No comments yet

Leave a comment