65 matches found
Mandriva Update for vim MDVSA-2008:236 (vim)
Check for the Version of vim OpenVAS Vulnerability Test Mandriva Update for vim MDVSA-2008:236 vim Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
CVE-2008-3075
CVE-2008-3075 affects Vim 7.0–7.2 (including 7.2a.10) via the shellescape vulnerability in the ZIP plugin (zipPlugin.vim v.11–v.21). An attacker can exploit the exclamation mark metacharacter in a ZIP filename (and possibly the first file inside) to execute arbitrary code; root cause tied to an i...
Vim多个插件字符转义任意命令执行漏洞
BUGTRAQ ID: 32462,32463 CVECAN ID: CVE-2008-3074,CVE-2008-3074 VIM是一款免费开放源代码文本编辑器,可使用在Unix/Linux操作系统下。 VIM的tar.vim和zip.vim插件中shellescape函数没有正确地转义所有项(“!”字符)。如果用户使用tar.vim插件打开了TAR文档的话,就会导致以运行Vim用户的权限执行任意指令。 VIM Development Group VIM 7.1 VIM Development Group VIM 7.0 RedHat ------...
RHEL 5 : vim (RHSA-2008:0580)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0580 advisory. - vim format string flaw CVE-2007-2953 - vim: command execution via scripts not sanitizing inputs to execute and system CVE-2008-2712 - Vim...
Vim多个Shell命令注入漏洞
BUGTRAQ ID: 29715 VIM是一款免费开放源代码文本编辑器,可使用在Unix/Linux操作系统下。 VIM的filetype.vim、tar.vim、zip.vim、xpm.vim、xpm2.vim、gzip.vim和netrw.vim脚本没有正确地转义传送给execute语句的文件名中的特殊字符,如果用户受骗打开了恶意文件的话,就可能导致向受影响系统注入并执行任意SHELL命令。 VIM Development Group VIM 7.1.314 VIM Development Group VIM 6.4 VIM Development Group...