2 matches found
CVE-2015-0941
CVE-2015-0941 : The Inetc plug‑in for NSIS does not validate SSL certificates, enabling MITM attacks that could spoof servers and potentially execute arbitrary code during download of Windows executables. Affected: NSIS Inetc plug‑in (used in FOE and other products). Impact: possible arbitrary co...
KLA10499 Code execution vulnerability in NSIS
Lack of certificates verification was found in NSIS. By exploiting this vulnerability malicious users execute arbitrary code. This vulnerability can be exploited remotely via a specially designed certificate. Original advisories - Related products Nullsoft-Scriptable-Install-System CVE list...