CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2009-0316
https://notcve.org/view.php?id=CVE-2009-0316
28 Jan 2009 — Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair. Una vulnerabilidad de ruta de búsqueda no confiable en el archivo src/if_python.c en la interfaz de Python en Vim en versiones anteriores a 7.2.0... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305 •
CVSS: 9.8EPSS: 10%CPEs: 19EXPL: 3CVE-2008-4101 – Vim 7.1.314 - Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-4101
18 Sep 2008 — Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. Vim 3.0 hasta 7.x anterior a 7.2.010, no escapa los caracteres de fo... • https://www.exploit-db.com/exploits/32289 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 11%CPEs: 6EXPL: 1CVE-2008-2712 – Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2712
16 Jun 2008 — Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. Vim ... • https://www.exploit-db.com/exploits/31911 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 10%CPEs: 4EXPL: 0CVE-2007-2953 – vim format string flaw
https://notcve.org/view.php?id=CVE-2007-2953
31 Jul 2007 — Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. Vulnerabilidad de cadena de formato en la función helptags_one de src/ex_cmds.c en Vim 6.4 y anteriores, y 7.x hasta 7.1, permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante especificado... • ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039 •