CVSS: 9.8EPSS: 11%CPEs: 6EXPL: 1CVE-2008-2712 – Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2712
16 Jun 2008 — Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. Vim ... • https://www.exploit-db.com/exploits/31911 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 10%CPEs: 4EXPL: 0CVE-2007-2953 – vim format string flaw
https://notcve.org/view.php?id=CVE-2007-2953
31 Jul 2007 — Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. Vulnerabilidad de cadena de formato en la función helptags_one de src/ex_cmds.c en Vim 6.4 y anteriores, y 7.x hasta 7.1, permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante especificado... • ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039 •