CVE-2025-34078

A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and is readable by local users. By extracting this password, an attack...

CVE-2025-34079

An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface default port 8443, inject arbitrary commands as externa...

CVE-2025-34078

A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and is readable by local users. By extracting this password, an attack...

CVE-2025-34079

An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface default port 8443, inject arbitrary commands as externa...

CVE-2025-34079

NSClient++ 0.5.2.35 exposes an authenticated remote code execution via the ExternalScripts API when the web interface and ExternalScripts module are enabled. An attacker who has administrator credentials can authenticate to the web interface (default port 8443), inject arbitrary commands through ...

CVE-2025-34078 NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface

A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and is readable by local users. By extracting this password, an attack...

NSClient++ 安全漏洞

NSClient++ is an NSClient open source monitoring agent program for Windows systems. A security vulnerability exists in NSClient++ version 0.5.2.35, which originates from command injection and could lead to remote code execution...

NSClient++ Local Elevation of Privilege Vulnerability

NSClient++ is an open source host monitoring agent software. A security vulnerability exists in versions of NSClient++ prior to 0.4.1.73. The vulnerability can be exploited to execute arbitrary code with elevated privileges via a malicious program.exe executable file in the %SYSTEMDRIVE% folder...