Page 40 of 211 results (0.018 seconds)

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 7

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. El plugin Netrw 125 en netrw.vim en Vim 7.2a.10 permite a atacantes asistidos por el usuario ejecutar comandos de su elección a través de metacaracteres de línea de comandos en utilizados para ejecutar funciones de sistema dentro de los comandos (1) mz y (2) mc, como se demostro en los casos de prueba netrw.v2 y netrw.v3. NOTA: Esta informacion existe por el arreglo incompleto de CVE-2008-2712. • https://www.exploit-db.com/exploits/32012 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://marc.info/?l=bugtraq&m=121494431426308&w=2 http://marc.info/?l=oss-security&m=122416184431388&w=2 http://secunia.com/advisories/34418 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324 http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://www.openwall.com/lists/oss-security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 2

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://marc.info/?l=bugtraq&m=121494431426308&w=2 http://secunia.com/advisories/34418 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324 http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://www.openwall.com/lists/oss-security/2008/07/07/1 http://www.openwall.com/lists/oss-security/2008/07/07/4 http://www.openwall. • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 2

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://marc.info/?l=bugtraq&m=121494431426308&w=2 http://secunia.com/advisories/34418 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324 http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://www.openwall.com/lists/oss-security/2008/07/07/1 http://www.openwall.com/lists/oss-security/2008/07/07/4 http://www.openwall. • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately." autoload/netrw.vim (también conocido como Netrw Plugin) v109, v131, y versiones anteriores a v133k para Vim v7.1.266, otras versiones v7.1 , y v7.2, guardan las credenciales de las sesiones FTP y envían estos datos al intentar establecer sesiones FTP posteriores a los servidores en diferentes host, lo que permite a los servidores FTP obtener información sensible en circunstancias oportunas mediante la validación con nombres de usuario y contraseñas. NOTA: el fabricante cuestiona un vector involucrando a distintos puertos en un mismo host afirmando que "Asumimos que están usando el mismo id y contraseña sobre el mismo servidor de manera intencionada". • http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://secunia.com/advisories/31464 http://secunia.com/advisories/34418 http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 http://www.openwall.com/lists/oss-security/2008/10/06/4 http://www.openwall.com/lists/oss-security/2008/10/16/2 http://www.openwall.com/lists/oss-security/20 • CWE-255: Credentials Management Errors •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. Desbordamiento de búfer basado en pila en la función mch_expand_wildcard en os_unix.c en Vim v6.2 y v6.3 permite a atacantes con la intervención del usuario ejecutar código de su elección mediante metacaracteres del interprete de comandos en el nombre de los ficheros, como se ha demostrado por el caso de prueba netrw.v3. • https://www.exploit-db.com/exploits/32225 ftp://ftp.vim.org/pub/vim/patches/6.2.429 ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://secunia.com/advisories/32858 http://secunia.com/advisories/33410 http://support.apple.com/kb/HT3216 http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm http://www.openwall.com/lists/oss-security/2008 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •