64 matches found
Command injection
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...
DEBIAN-CVE-2007-2438
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...
CVE-2007-2438
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...
CVE-2007-2438
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...
CVE-2007-2438
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...
CVE-2007-2438
CVE-2007-2438 targets Vim’s sandbox, where modeline parsing grants access to dangerous functions (writefile, feedkeys, system), enabling user-assisted execution of shell commands and file writes. The issue affects Vim components exposed to modelines and has been addressed in multiple advisories a...
Mandrake Linux Security Advisory : vim (MDKSA-2005:148)
A vulnerability was discovered in the way that vim processed modelines. If a user with modelines enabled opened a text file with a specially crafted modeline, arbitrary commands could be executed. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
security flaw
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels...
CVE-2005-2368
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels...
CVE-2005-2368
CVE-2005-2368 affects Vim (pre-6.3.082) where, with modelines enabled, a crafted modeline could cause execution of arbitrary commands via shell metacharacters in fold-related expressions. The security issue has been addressed in multiple advisories (RHSA-2005:745, CentOS/CESA-2005:745-01, MDKSA-2...
CVE-2005-2368
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels...
DEBIAN-CVE-2005-2368
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels...
[Full-disclosure] Help poor children in Uganda
Georgi Guninski security advisory 75, 2005 Help poor children in Uganda Systems affected: vim 6.3 Date: 25 July 2005 Legal Notice: This Advisory is Copyright (c) 2005 Georgi Guninski. You may not modify it and distribute it or distribute parts of it without the author's written permission - this...
Unfiltered shell characters in vim editor
modelines mode shell characters problem on file open...
CVE-2004-1138
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu...
vim privilege escalation
Incorrect modelines options handling...
[ GLSA 200412-10 ] Vim, gVim: Vulnerable options in modelines
Gentoo Linux Security Advisory GLSA 200412-10 http://security.gentoo.org/ Severity:...
GLSA-200412-10 : Vim, gVim: Vulnerable options in modelines
The remote host is affected by the vulnerability described in GLSA-200412-10 Vim, gVim: Vulnerable options in modelines Gentoo's Vim maintainer, Ciaran McCreesh, found several vulnerabilities related to the use of options in Vim modelines. Options like 'termcap', 'printdevice', 'titleold',...
Vim, gVim: Vulnerable options in modelines
Background Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim. Description Gentoo's Vim maintainer, Ciaran McCreesh, found several vulnerabilities related to the use of options in Vim modelines. Options like 'termcap',...
CVE-2002-1377
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt...