
CVE-2010-3914
https://notcve.org/view.php?id=CVE-2010-3914
03 Nov 2010 — Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en VIM Development Group GVim anterior a v7.3.034, y posiblemen... • ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034 •

CVE-2008-6235 – plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-6235
21 Feb 2009 — The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. El plugin Netrw (netrw.vim) en Vim v7.0 y v7.1 permite a atacantes asistidos por el usuario ejecutar comandos de su elección a través de metacaracteres de línea de comandos en un fichero utilizado por (1) comando "D" (borrar) o (2) var... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2009-0316 – Mandriva Linux Security Advisory 2009-047
https://notcve.org/view.php?id=CVE-2009-0316
28 Jan 2009 — Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair. Una vulnerabilidad de ruta de búsqueda no confiable en el archivo src/if_python.c en la interfaz de Python en Vim en versiones anteriores a 7.2.0... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305 •

CVE-2008-3074 – plugin: improper Implementation of shellescape() (arbitrary code execution)
https://notcve.org/view.php?id=CVE-2008-3074
04 Dec 2008 — The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incompl... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2008-3075 – plugin: improper Implementation of shellescape() (arbitrary code execution)
https://notcve.org/view.php?id=CVE-2008-3075
04 Dec 2008 — The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2008-3076 – Netrw 125 Vim Script - Multiple Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-3076
04 Dec 2008 — The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. El plugin Netrw 125 en netrw.vim en Vim 7.2a.10 permite a atacantes asistidos por el usuario ejecutar comandos de su elección a través de metacaract... • https://www.exploit-db.com/exploits/32012 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2008-4677 – Mandriva Linux Security Advisory 2008-236
https://notcve.org/view.php?id=CVE-2008-4677
22 Oct 2008 — autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm a... • http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6 • CWE-255: Credentials Management Errors •

CVE-2008-3432 – Vim - 'mch_expand_wildcards()' Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-3432
10 Oct 2008 — Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. Desbordamiento de búfer basado en pila en la función mch_expand_wildcard en os_unix.c en Vim v6.2 y v6.3 permite a atacantes con la intervención del usuario ejecutar código de su elección mediante metacaracteres del interprete de comandos en el nombre de los ficheros, como se ... • https://www.exploit-db.com/exploits/32225 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVE-2008-4101 – Vim 7.1.314 - Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-4101
18 Sep 2008 — Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. Vim 3.0 hasta 7.x anterior a 7.2.010, no escapa los caracteres de fo... • https://www.exploit-db.com/exploits/32289 • CWE-20: Improper Input Validation •

CVE-2008-3294
https://notcve.org/view.php?id=CVE-2008-3294
24 Jul 2008 — src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure. El archivo src/configure.in en Vim versiones 5.0 hasta 7.1, cuando es usado para una compilación con soporte de Python, no garantiza que el a... • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •