Lucene search
K

248 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/27 9:54 p.m.17 views

CVE-2026-28417

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

7.8CVSS6.1AI score0.01162EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/02/27 9:54 p.m.6 views

EUVD-2026-9085

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

4.4CVSS6.1AI score0.01162EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 9:54 p.m.5 views

CVE-2026-28417 Vim has OS Command Injection in netrw

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

4.4CVSS6.1AI score0.01162EPSS
Exploits0References6
CVE
CVE
added 2026/02/27 9:54 p.m.75 views

CVE-2026-28417

Vim (Vi IMproved) is affected by CVE-2026-28417 due to an OS command injection in the built-in netrw plugin. The vulnerability allows an attacker who entices a user to open a crafted URL (for example via scp://) to execute arbitrary shell commands with the Vim process privileges. Affected version...

7.8CVSS6.1AI score0.01162EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/02/27 9:54 p.m.4 views

CVE-2026-28417

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

7.8CVSS6.1AI score0.01162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.8 views

PT-2026-22416

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0073 Description Vim is a command line text editor. A flaw exists in the netrw standard plugin bundled with Vim. An attacker can potentially execute arbitrary shell commands with the privileges of the Vim process by...

7.8CVSS7.1AI score0.01162EPSS
Exploits0References104
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

Vim 安全漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0073 contained security vulnerabilities. These vulnerabilities stemmed from the netrw plugin, which had a vulnerability related to operating system command injection. This could allow...

7.8CVSS6.9AI score0.01162EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-4657

Malware in sbrugna...

4.3CVSS8.4AI score0.01953EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-6205

Malware in sbrugna...

9.3CVSS6.1AI score0.02989EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2008-4677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP...

4.3CVSS8.3AI score0.01953EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.2 views

SUSE CVE-2008-2712

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using 1 filetype.vim, 3 xpm.vim, 4 gzipvim, and 5 netrw. NOTE: the...

9.3CVSS7.8AI score0.15044EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.3 views

SUSE CVE-2008-3076

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the 1 mz and 2 mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue...

9.3CVSS8AI score0.09023EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:6 a.m.3 views

SUSE CVE-2008-4677

autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...

4.3CVSS8.7AI score0.01953EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.3 views

SUSE CVE-2008-6235

The Netrw plugin netrw.vim in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the 1 "D" delete command or 2 b:netrwcurdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases...

9.3CVSS7.9AI score0.02989EPSS
Exploits1References4
Kitploit
Kitploit
added 2014/07/21 9:9 p.m.29 views

PwnPi - A Pen Test Drop Box distro for the Raspberry Pi

PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbo...

8.9AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Netrw Vim Script 's:BrowserMaps()' Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30254/info Netrw is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data. Successfully exploiting this issue can allow an attacker to execute arbitrary...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Netrw 125 Vim Script Multiple Command Execution Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/30115/info Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Successfully exploiting these issues can allow an attacker to execute...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.30 views

Oracle Linux 5 : vim (ELSA-2008-0580)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0580 advisory. - fixes CVE-2008-3074 tar plugin - fixes CVE-2008-3075 zip plugin - fixes CVE-2008-3076 netrw plugin - fixes CVE-2008-4101 keyword and tag lookup - fix...

9.3CVSS6.5AI score0.15044EPSS
Exploits7References7
Tenable Nessus
Tenable Nessus
added 2010/01/06 12:0 a.m.31 views

CentOS 5 : vim (CESA-2008:0580)

Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim Visual editor IMproved is an updated and improved version of the vi editor. Several input...

9.3CVSS7.3AI score0.15044EPSS
Exploits7References9
Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.37 views

openSUSE Security Update : gvim (gvim-561)

The VI Improved editor vim was updated to version 7.2.108 to fix various security problems and other bugs. CVE-2008-4677: The netrw plugin sent credentials to all servers. CVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python cod...

9.3CVSS7.5AI score0.15044EPSS
Exploits6References13
Rows per page
Query Builder