Command injection

The Netrw plugin netrw.vim in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the 1 "D" delete command or 2 b:netrwcurdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases...

CVE-2008-6235

The Netrw plugin netrw.vim in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the 1 "D" delete command or 2 b:netrwcurdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases...

CVE-2008-6235

The Netrw plugin netrw.vim in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the 1 "D" delete command or 2 b:netrwcurdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases...

Information disclosure

autoload/netrw.vim aka the Netrw Plugin 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote...

CVE-2008-4677

CVE-2008-4677 affects the Netrw plugin (autoload/netrw.vim) in Vim 7.1.x and 7.2-era configurations, where credentials stored for an FTP session could be disclosed to remote servers. The issue stems from the netrw plugin sending stored usernames/passwords during subsequent FTP attempts to differe...

Collection of Vulnerabilities in Fully Patched Vim 7.1

Summary Product : Vim -- Vi IMproved Version : Tested with 7.1.314 and 6.4 Impact : Arbitrary code execution Wherefrom: Local and remote Original : http://www.rdancer.org/vulnerablevim.html Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon...