3 matches found
CVE-2018-6384
NSClient++ (before 0.4.1.73) contains an Unquoted Windows search path vulnerability that allows non-privileged local users to execute arbitrary code with elevated privileges via a malicious program.exe placed in the %SYSTEMDRIVE% directory. Root cause: an unquoted system path can be exploited to ...
CVE-2025-34078
NSClient++ 0.5.2.35 contains a local privilege-escalation flaw when both web interface and ExternalScripts are enabled. The nsclient.ini file stores the admin password in plaintext and is readable by local users, allowing an attacker to extract the credential, authenticate to the NSClient++ web i...
CVE-2025-34079
NSClient++ 0.5.2.35 exposes an authenticated remote code execution via the ExternalScripts API when the web interface and ExternalScripts module are enabled. An attacker who has administrator credentials can authenticate to the web interface (default port 8443), inject arbitrary commands through ...