Page 38 of 192 results (0.066 seconds)

CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 2

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://marc.info/?l=bugtraq&m=121494431426308&w=2 http://secunia.com/advisories/34418 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324 http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://www.openwall.com/lists/oss-security/2008/07/07/1 http://www.openwall.com/lists/oss-security/2008/07/07/4 http://www.openwall. • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 2

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://marc.info/?l=bugtraq&m=121494431426308&w=2 http://secunia.com/advisories/34418 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324 http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://www.openwall.com/lists/oss-security/2008/07/07/1 http://www.openwall.com/lists/oss-security/2008/07/07/4 http://www.openwall. • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 0%CPEs: 19EXPL: 3

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. Vim 3.0 hasta 7.x anterior a 7.2.010, no escapa los caracteres de forma adecuada, esto permite a atacantes con la ayuda del usuario local (1) ejecutar instrucciones de su elección en el intérprete de comandos al introducir una pulsación de la tecla K en una línea que contiene un ";" (punto y coma), seguido de un comando, o ejecutar comandos Ex de su elección al introducir un argumento después de una secuencia de teclado: (2)"Ctrl-]" (control corchete de cierre) o (3) "g]" (g corchete de cierre). NOTA: se trata de una vulnerabilidad diferente de CVE-2008-2712. • https://www.exploit-db.com/exploits/32289 http://ftp.vim.org/pub/vim/patches/7.2/7.2.010 http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2 http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2 http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33 http://lists.apple.com/archives/ • CWE-20: Improper Input Validation •

CVSS: 3.7EPSS: 0%CPEs: 16EXPL: 0

src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure. El archivo src/configure.in en Vim versiones 5.0 hasta 7.1, cuando es usado para una compilación con soporte de Python, no garantiza que el archivo temporal Makefile-conf tenga la propiedad y los permisos previstos, lo que permite a usuarios locales ejecutar código arbitrario mediante la modificación de este archivo durante una ventana de tiempo o creándolo de antemano con permisos que impiden su modificación al configurarlo. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://seclists.org/fulldisclosure/2008/Jul/0312.html http://secunia.com/advisories/31159 http://secunia.com/advisories/32222 http://support.apple.com/kb/HT3216 http://www.securityfocus.com/archive/1/494532/100/0/threaded http://www.securityfocus.com/archive/1/494535/100/0/threaded http://www.securityfocus.com/archive/1/494736/100/0/threaded http://www.securityfocus.com/bid/31681 http://www.vupen& • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 1

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. Vim 7.1.314, 6.4 y otras versiones, permiten a atacantes remotos asistidos por el usuario ejecutar comandos de su elección a través de secuencias de comandos Vim que cuyos inputs no son limpiados correctamente previa a la ejecución o las funciones del sistema como se ha demostrado con (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim y (5) netrw. • https://www.exploit-db.com/exploits/31911 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://marc.info/?l=bugtraq&m=121494431426308&w=2 http://secunia.com/advisories/30731 http://secunia.com/advisories/32222 http://secunia.com/advisories/32858 http://secunia.com/advisories/32864 http://secunia.com/a • CWE-20: Improper Input Validation •