Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash.