Nullsoft Scriptable Install System 安全漏洞

Nullsoft Scriptable Install System is a professional open source system for creating Windows installers. A security vulnerability exists in Nullsoft Scriptable Install System NSIS versions prior to 3.09, which stems from improper handling of access control to the uninstaller directory...

PT-2023-4535

Name of the Vulnerable Software and Affected Versions Nullsoft Scriptable Install System NSIS versions prior to 3.09 Description The issue is related to insufficient access control in the Nullsoft Scriptable Install System, which can be exploited by a remote attacker to elevate their privileges...

Design/Logic Flaw

Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...

CVE-2015-9268

Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...

DEBIAN-CVE-2015-9267

Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...

CVE-2015-9267

Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...

CVE-2015-9267

Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...

MGASA-2017-0271 Updated mingw-nsis packages fix security vulnerability

The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...

Updated mingw-nsis packages fix security vulnerability

The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...

Nullsoft Scriptable Install System Inetc Plugin Security Bypass Vulnerability

Nullsoft Scriptable Install System NSIS is the United States Nullsoft company's set of script-based open source system used to create Windows installer. Inetc Internet client is one of the Internet to provide file upload and download plug-ins. A security vulnerability exists in the Inetc plug-in...

CVE-2015-0941

The Inetc plugin for Nullsoft Scriptable Install System NSIS, as used in CERT/CC Failure Observation Engine FOE and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a craft...

CVE-2015-0941

CVE-2015-0941 : The Inetc plug‑in for NSIS does not validate SSL certificates, enabling MITM attacks that could spoof servers and potentially execute arbitrary code during download of Windows executables. Affected: NSIS Inetc plug‑in (used in FOE and other products). Impact: possible arbitrary co...