Vim

Vim

246 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 9.02%
  • Veröffentlicht 21.02.2009 22:30:00
  • Zuletzt bearbeitet 16.06.2026 22:55:02

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the net...

  • EPSS 2.85%
  • Veröffentlicht 28.01.2009 11:30:00
  • Zuletzt bearbeitet 16.06.2026 23:04:44

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys...

  • EPSS 8.62%
  • Veröffentlicht 10.10.2008 10:30:03
  • Zuletzt bearbeitet 16.06.2026 22:55:49

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

Exploit
  • EPSS 9.21%
  • Veröffentlicht 18.09.2008 17:59:32
  • Zuletzt bearbeitet 16.06.2026 22:57:10

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute...

  • EPSS 4.5%
  • Veröffentlicht 24.07.2008 18:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:33

src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this...

  • EPSS 15.04%
  • Veröffentlicht 16.06.2008 21:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:17

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3)...