FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0e1e3789-d87f-11dd-8ecd-00163e000016vim -- multiple vulnerabilities in the netrw module

Jan Minar reports:

Applying the ``D'' to a file with a crafted file name, or inside a directory with a crafted directory name, can lead to arbitrary code execution.

Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name.

The Vim Netrw Plugin shares the FTP user name and password across all FTP sessions. Every time Vim makes a new FTP connection, it sends the user name and password of the previous FTP session to the FTP server.


Discovery 2008-10-16
Entry 2009-01-02
vim
vim-console
vim-lite
vim-gtk2
vim-gnome
ge 7.0 lt 7.2

CVE-2008-3076
http://www.openwall.com/lists/oss-security/2008/10/16/2
http://www.rdancer.org/vulnerablevim-netrw.html
http://www.rdancer.org/vulnerablevim-netrw.v2.html
http://www.rdancer.org/vulnerablevim-netrw.v5.html
http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html