248 matches found
CVE-2026-28417
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
EUVD-2026-9085
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
CVE-2026-28417 Vim has OS Command Injection in netrw
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
CVE-2026-28417
Vim (Vi IMproved) is affected by CVE-2026-28417 due to an OS command injection in the built-in netrw plugin. The vulnerability allows an attacker who entices a user to open a crafted URL (for example via scp://) to execute arbitrary shell commands with the Vim process privileges. Affected version...
CVE-2026-28417
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
PT-2026-22416
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0073 Description Vim is a command line text editor. A flaw exists in the netrw standard plugin bundled with Vim. An attacker can potentially execute arbitrary shell commands with the privileges of the Vim process by...
Vim 安全漏洞
Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0073 contained security vulnerabilities. These vulnerabilities stemmed from the netrw plugin, which had a vulnerability related to operating system command injection. This could allow...
EUVD-2008-4657
Malware in sbrugna...
EUVD-2008-6205
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2008-4677
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP...
SUSE CVE-2008-2712
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using 1 filetype.vim, 3 xpm.vim, 4 gzipvim, and 5 netrw. NOTE: the...
SUSE CVE-2008-3076
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the 1 mz and 2 mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue...
SUSE CVE-2008-4677
autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...
SUSE CVE-2008-6235
The Netrw plugin netrw.vim in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the 1 "D" delete command or 2 b:netrwcurdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases...
PwnPi - A Pen Test Drop Box distro for the Raspberry Pi
PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbo...
Netrw Vim Script 's:BrowserMaps()' Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30254/info Netrw is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data. Successfully exploiting this issue can allow an attacker to execute arbitrary...
Netrw 125 Vim Script Multiple Command Execution Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30115/info Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Successfully exploiting these issues can allow an attacker to execute...
Oracle Linux 5 : vim (ELSA-2008-0580)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0580 advisory. - fixes CVE-2008-3074 tar plugin - fixes CVE-2008-3075 zip plugin - fixes CVE-2008-3076 netrw plugin - fixes CVE-2008-4101 keyword and tag lookup - fix...
CentOS 5 : vim (CESA-2008:0580)
Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim Visual editor IMproved is an updated and improved version of the vi editor. Several input...
openSUSE Security Update : gvim (gvim-561)
The VI Improved editor vim was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python cod...