FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371350
Date:      2014-10-22
Time:      08:54:58Z
Committer: matthew

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0e1e3789-d87f-11dd-8ecd-00163e000016vim -- multiple vulnerabilities in the netrw module

Jan Minar reports:

Applying the ``D'' to a file with a crafted file name, or inside a directory with a crafted directory name, can lead to arbitrary code execution.

Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name.

The Vim Netrw Plugin shares the FTP user name and password across all FTP sessions. Every time Vim makes a new FTP connection, it sends the user name and password of the previous FTP session to the FTP server.


Discovery 2008-10-16
Entry 2009-01-02
vim
vim-lite
vim-gtk2
vim-gnome
ge 7.0 lt 7.2

CVE-2008-3076
http://www.openwall.com/lists/oss-security/2008/10/16/2
http://www.rdancer.org/vulnerablevim-netrw.html
http://www.rdancer.org/vulnerablevim-netrw.v2.html
http://www.rdancer.org/vulnerablevim-netrw.v5.html
http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
30866e6c-3c6d-11dd-98c9-00163e000016vim -- Vim Shell Command Injection Vulnerabilities

Rdancer.org reports:

Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file.


Discovery 2008-06-16
Entry 2008-06-21
vim
vim-lite
vim-ruby
vim6
vim6-ruby
gt 6 le 6.4.10

gt 7 lt 7.1.315

CVE-2008-2712
http://www.rdancer.org/vulnerablevim.html
30866e6c-3c6d-11dd-98c9-00163e000016vim -- Vim Shell Command Injection Vulnerabilities

Rdancer.org reports:

Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file.


Discovery 2008-06-16
Entry 2008-06-21
vim
vim-lite
vim-ruby
vim6
vim6-ruby
gt 6 le 6.4.10

gt 7 lt 7.1.315

CVE-2008-2712
http://www.rdancer.org/vulnerablevim.html
0e1e3789-d87f-11dd-8ecd-00163e000016vim -- multiple vulnerabilities in the netrw module

Jan Minar reports:

Applying the ``D'' to a file with a crafted file name, or inside a directory with a crafted directory name, can lead to arbitrary code execution.

Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name.

The Vim Netrw Plugin shares the FTP user name and password across all FTP sessions. Every time Vim makes a new FTP connection, it sends the user name and password of the previous FTP session to the FTP server.


Discovery 2008-10-16
Entry 2009-01-02
vim
vim-lite
vim-gtk2
vim-gnome
ge 7.0 lt 7.2

CVE-2008-3076
http://www.openwall.com/lists/oss-security/2008/10/16/2
http://www.rdancer.org/vulnerablevim-netrw.html
http://www.rdancer.org/vulnerablevim-netrw.v2.html
http://www.rdancer.org/vulnerablevim-netrw.v5.html
http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html