CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2008-3294
https://notcve.org/view.php?id=CVE-2008-3294
24 Jul 2008 — src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure. El archivo src/configure.in en Vim versiones 5.0 hasta 7.1, cuando es usado para una compilación con soporte de Python, no garantiza que el a... • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 11%CPEs: 6EXPL: 1CVE-2008-2712 – Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2712
16 Jun 2008 — Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. Vim ... • https://www.exploit-db.com/exploits/31911 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 10%CPEs: 4EXPL: 0CVE-2007-2953 – vim format string flaw
https://notcve.org/view.php?id=CVE-2007-2953
31 Jul 2007 — Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. Vulnerabilidad de cadena de formato en la función helptags_one de src/ex_cmds.c en Vim 6.4 y anteriores, y 7.x hasta 7.1, permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante especificado... • ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039 •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2004-1138
https://notcve.org/view.php?id=CVE-2004-1138
22 Dec 2004 — VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. • http://marc.info/?l=bugtraq&m=110313588125609&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2002-1377
https://notcve.org/view.php?id=CVE-2002-1377
23 Dec 2002 — vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. vim 6.0 y 6.1 y posiblemente otras versiones, permite a atacantes ejecutar comandos arbitrarios usando la característica libcall en lineas de modo, que no son apantalladas si no que pueden ser ejecutadas cuando vim es usado como editor para otros productos como mu... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812 •