Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

vim vim vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex...
Vim Vim 5.2Vim Vim 5.3Vim Vim 6.1Vim Vim 6.2Vim Vim 5.4Vim Vim 5.5Vim Vim 6.3Vim Vim 6.4Vim Vim 5.0Vim Vim 5.1Vim Vim 5.8Vim Vim 6.0Vim VimVim Vim 3.0Vim Vim 4.0Vim Vim 5.6Vim Vim 5.7Vim Vim 7.0Vim Vim 7.1
NA
CVE-2004-1138
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7)...
Vim Development Group Vim 5.6Vim Development Group Vim 5.7Vim Development Group Vim 5.8Vim Development Group Vim 6.3.044Vim Development Group Vim 5.2Vim Development Group Vim 5.3Vim Development Group Vim 6.2Vim Development Group Vim 6.3.011Vim Development Group Vim 5.4Vim Development Group Vim 5.5Vim Development Group Vim 6.3.025Vim Development Group Vim 6.3.030Vim Development Group Vim 5.0Vim Development Group Vim 5.1Vim Development Group Vim 6.0Vim Development Group Vim 6.1
NA
CVE-2005-2368
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels....
Vim Development Group Vim 6.3.081Vim Development Group Vim 6.3Vim Development Group Vim 6.3.011Vim Development Group Vim 6.3.025Vim Development Group Vim 6.3.030Vim Development Group Vim 6.3.044
NA
CVE-2008-3294
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window,...
Vim Vim 6.3Vim Vim 6.2Vim Vim 5.4Vim Vim 5.3Vim Vim 5.8Vim Vim 5.7Vim Vim 5.0Vim Vim 7.1Vim Vim 7.0Vim Vim 6.4Vim Vim 5.6Vim Vim 5.5Vim Vim 6.1Vim Vim 6.0Vim Vim 5.2Vim Vim 5.1
NA
CVE-2009-0316
Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function...
Vim Vim 6.1Vim Vim 6.0Vim Vim 5.2Vim Vim 5.1Vim Vim 7.0Vim Vim 6.4Vim Vim 5.6Vim Vim 5.5Vim Vim 3.0Vim Vim 1.22Vim Vim 1.0Vim Vim 6.3Vim Vim 6.2Vim Vim 5.4Vim Vim 5.3Vim VimVim Vim 7.1Vim Vim 5.8Vim Vim 5.7Vim Vim 5.0Vim Vim 4.0
NA
CVE-2008-3074
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a...
Vim Vim 7.2Vim Tar.vim V.12Vim Tar.vim V.13Vim Tar.vim V.20Vim Tar.vim V.21Vim Vim 7.1Vim Vim 7.0Vim Tar.vim V.16Vim Tar.vim V.17Vim Vim 7.1.314Vim Vim 7.1.266Vim Tar.vim V.14Vim Tar.vim V.15Vim Tar.vim V.22Vim Tar.vim V.10Vim Tar.vim V.11Vim Tar.vim V.18Vim Tar.vim V.19
NA
CVE-2008-3075
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a...
Vim Vim 7.1.266Vim Vim 7.1Vim Vim 7.2Vim Vim 7.1.314Vim Zipplugin.vim V.19Vim Zipplugin.vim V.18Vim Vim 7.0Vim Vim 7.2a.10Vim Zipplugin.vim V.15Vim Zipplugin.vim V.14Vim Zipplugin.vim V.13Vim Zipplugin.vim V.17Vim Zipplugin.vim V.16Vim Zipplugin.vim V.21Vim Zipplugin.vim V.20Vim Zipplugin.vim V.12Vim Zipplugin.vim V.11
NA
CVE-2002-1377
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt....
Vim Development Group Vim 5.0Vim Development Group Vim 5.1Vim Development Group Vim 5.8Vim Development Group Vim 6.0Vim Development Group Vim 6.1Vim Development Group Vim 5.2Vim Development Group Vim 5.3Vim Development Group Vim 5.4Vim Development Group Vim 5.5Vim Development Group Vim 5.6Vim Development Group Vim 5.7
NA
CVE-2008-4677
autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts,...
Vim Netrw 109Vim Netrw 131Vim Netrw 116Vim Netrw 118Vim Netrw 112Vim Netrw 113Vim Netrw 122Vim Netrw 123Vim Netrw 114Vim Netrw 115Vim Netrw 128Vim Netrw 110Vim Netrw 111Vim Netrw 120Vim Netrw 121
NA
CVE-2005-0069
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files....
Vim Development Group Vim 6.3.011Vim Development Group Vim 6.3.025Vim Development Group Vim 6.3.030Vim Development Group Vim 6.3.044
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
file inclusionCVE-2021-41144CVE-2022-34689CVE-2023-22242CVE-2023-22322XML injectionCVE-2022-39811CVE-2022-31711buffer overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook