vim vim vulnerabilities and exploits

(subscribe to this query)

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim prior to 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-...

Vim Vim Vim Vim 1.0 Vim Vim 1.22 Vim Vim 3.0 Vim Vim 4.0 Vim Vim 5.0 Vim Vim 5.1 Vim Vim 5.2 Vim Vim 5.3 Vim Vim 5.4 Vim Vim 5.5 Vim Vim 5.6

Vim 3.0 up to and including 7.x prior to 7.2.010 does not properly escape characters, which allows user-assisted malicious users to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute...

Vim Vim Vim Vim 3.0 Vim Vim 4.0 Vim Vim 5.0 Vim Vim 5.1 Vim Vim 5.2 Vim Vim 5.3 Vim Vim 5.4 Vim Vim 5.5 Vim Vim 5.6 Vim Vim 5.7 Vim Vim 5.8

1 EDB exploit

src/configure.in in Vim 5.0 up to and including 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a tim...

Vim Vim 5.0 Vim Vim 5.1 Vim Vim 5.2 Vim Vim 5.3 Vim Vim 5.4 Vim Vim 5.5 Vim Vim 5.6 Vim Vim 5.7 Vim Vim 5.8 Vim Vim 6.0 Vim Vim 6.1 Vim Vim 6.2

VIM prior to 6.3 and gVim prior to 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) ...

Vim Development Group Vim 5.0 Vim Development Group Vim 5.1 Vim Development Group Vim 5.2 Vim Development Group Vim 5.3 Vim Development Group Vim 5.4 Vim Development Group Vim 5.5 Vim Development Group Vim 5.6 Vim Development Group Vim 5.7 Vim Development Group Vim 5.8 Vim Development Group Vim 6.0 Vim Development Group Vim 6.1 Vim Development Group Vim 6.2

vim 6.0 and 6.1, and possibly other versions, allows malicious users to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.

Vim Development Group Vim 5.0 Vim Development Group Vim 5.1 Vim Development Group Vim 5.2 Vim Development Group Vim 5.3 Vim Development Group Vim 5.4 Vim Development Group Vim 5.5 Vim Development Group Vim 5.6 Vim Development Group Vim 5.7 Vim Development Group Vim 5.8 Vim Development Group Vim 6.0 Vim Development Group Vim 6.1

The shellescape function in Vim 7.0 up to and including 7.2, including 7.2a.10, allows user-assisted malicious users to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the f...

Vim Vim 7.0 Vim Vim 7.1 Vim Vim 7.1.266 Vim Vim 7.1.314 Vim Vim 7.2 Vim Vim 7.2a.10 Vim Zipplugin.vim V.11 Vim Zipplugin.vim V.12 Vim Zipplugin.vim V.13 Vim Zipplugin.vim V.14 Vim Zipplugin.vim V.15 Vim Zipplugin.vim V.16

Untrusted search path vulnerability in VIM Development Group GVim prior to 7.3.034, and possibly other versions prior to 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other D...

Vim Gvim Vim Gvim 7.3.01 Vim Gvim 7.3.02 Vim Gvim 7.3.03 Vim Gvim 7.3.04 Vim Gvim 7.3.05 Vim Gvim 7.3.06 Vim Gvim 7.3.07 Vim Gvim 7.3.08 Vim Gvim 7.3.09 Vim Gvim 7.3.010 Vim Gvim 7.3.011

The shellescape function in Vim 7.0 up to and including 7.2, including 7.2a.10, allows user-assisted malicious users to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the f...

Vim Tar.vim V.10 Vim Tar.vim V.11 Vim Tar.vim V.12 Vim Tar.vim V.13 Vim Tar.vim V.14 Vim Tar.vim V.15 Vim Tar.vim V.16 Vim Tar.vim V.17 Vim Tar.vim V.18 Vim Tar.vim V.19 Vim Tar.vim V.20 Vim Tar.vim V.21

vim 6.3 prior to 6.3.082, with modelines enabled, allows external user-assisted malicious users to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.

Vim Development Group Vim 6.3 Vim Development Group Vim 6.3.011 Vim Development Group Vim 6.3.025 Vim Development Group Vim 6.3.030 Vim Development Group Vim 6.3.044 Vim Development Group Vim 6.3.081

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions prior to 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts,...

Vim Netrw 109 Vim Netrw 110 Vim Netrw 111 Vim Netrw 112 Vim Netrw 113 Vim Netrw 114 Vim Netrw 115 Vim Netrw 116 Vim Netrw 118 Vim Netrw 120 Vim Netrw 121 Vim Netrw 122

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook