Lucene search
K

132 matches found

CVE
CVE
added 2009/02/21 10:0 p.m.89 views

CVE-2008-3076

CVE-2008-3076 affects the Netrw plugin (netrw.vim) in Vim 7.x; user-assisted attackers could run arbitrary code by supplying shell metacharacters in filenames used by execute and system in the mz and mc commands (as shown by netrw.v2/v3 test cases). Root cause is linked to an incomplete fix for C...

9.3CVSS8AI score0.09023EPSS
Exploits1References16Affected Software1
RedHat Linux
RedHat Linux
added 2008/11/25 9:0 a.m.4 views

vim: command execution via scripts not sanitizing inputs to execute and system

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using 1 filetype.vim, 3 xpm.vim, 4 gzipvim, and 5 netrw. NOTE: the...

9.3CVSS6AI score0.15044EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2008/11/25 8:41 a.m.5 views

plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution

The Netrw plugin netrw.vim in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the 1 "D" delete command or 2 b:netrwcurdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases...

9.3CVSS6.1AI score0.02989EPSS
Exploits1References4
Oracle linux
Oracle linux
added 2008/11/25 12:0 a.m.41 views

vim security update

7.0.109-4.4z - fix netrw 7.0.109-4.3z - fixes CVE-2008-3074 tar plugin - fixes CVE-2008-3075 zip plugin - fixes CVE-2008-3076 netrw plugin - fixes CVE-2008-4101 keyword and tag lookup 7.0.109-4.2z - fix some issues with netrw and remote file editing caused by the CVE-2008-2712 patch 7.0.109-4.1z ...

9.3CVSS1.5AI score0.15044EPSS
Exploits7
OSV
OSV
added 2008/10/22 6:0 p.m.3 views

CVE-2008-4677

autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...

6.1AI score
Exploits0References15
OSV
OSV
added 2008/10/22 6:0 p.m.2 views

DEBIAN-CVE-2008-4677

autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...

4.3CVSS8.6AI score0.01953EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2008/10/22 6:0 p.m.21 views

CVE-2008-4677

autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...

4.3CVSS7.2AI score0.01953EPSS
Exploits0References1
Prion
Prion
added 2008/10/22 6:0 p.m.17 views

Information disclosure

autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...

4.3CVSS6.4AI score0.01953EPSS
Exploits0References15Affected Software1
Debian CVE
Debian CVE
added 2008/10/22 5:0 p.m.37 views

CVE-2008-4677

autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...

4.3CVSS2.7AI score0.01953EPSS
Exploits0
Cvelist
Cvelist
added 2008/10/22 5:0 p.m.25 views

CVE-2008-4677

autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...

7.4AI score0.01953EPSS
Exploits0References15
CVE
CVE
added 2008/10/22 5:0 p.m.60 views

CVE-2008-4677

CVE-2008-4677 affects the Netrw plugin (autoload/netrw.vim) in Vim 7.1.x and 7.2-era configurations, where credentials stored for an FTP session could be disclosed to remote servers. The issue stems from the netrw plugin sending stored usernames/passwords during subsequent FTP attempts to differe...

4.3CVSS8AI score0.01953EPSS
Exploits0References15Affected Software1
Packet Storm
Packet Storm
added 2008/08/13 12:0 a.m.25 views

vim-ftp.txt

Vim: Netrw: FTP User Name and Password Disclosure 1. SUMMARY Product : Vim -- Vi IMproved Versions : Tested with Vim 7.1.266, 7.2, autoload/netrw.vim v131, v109 Impact : Credentials disclosure Wherefrom: Remote Original : http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html The Vim Net...

7.4AI score
Exploits0
Rows per page
Query Builder