English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 134041 CVE descriptions
and 69903 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2008-3076
Description:The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
Test IDs: 1.3.6.1.4.1.25623.1.0.63091   1.3.6.1.4.1.25623.1.0.63500   1.3.6.1.4.1.25623.1.0.122541  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2008-3076
Bugtraq: 20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search)
http://marc.info/?l=bugtraq&m=121494431426308&w=2
http://www.openwall.com/lists/oss-security/2008/07/07/1
http://www.openwall.com/lists/oss-security/2008/07/07/4
http://www.openwall.com/lists/oss-security/2008/07/08/12
http://marc.info/?l=oss-security&m=122416184431388&w=2
http://www.openwall.com/lists/oss-security/2008/10/20/2
http://www.rdancer.org/vulnerablevim-netrw.html
http://www.rdancer.org/vulnerablevim-netrw.v2.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
RedHat Security Advisories: RHSA-2008:0580
http://www.redhat.com/support/errata/RHSA-2008-0580.html
SuSE Security Announcement: SUSE-SR:2009:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
BugTraq ID: 30115
http://www.securityfocus.com/bid/30115
http://secunia.com/advisories/34418
XForce ISS Database: netrw-multiple-code-execution(43624)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43624

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2018 E-Soft Inc. All rights reserved.