Jan Minar

4 exploits Active since Apr 2005
EIP-2026-103787 EXPLOITDB text SUSPICIOUS
Netrw Vim Script - 's:BrowserMaps()' Command Execution
CVE-2004-1488 EXPLOITDB perl WORKING POC
GNU wget 1.8.x-1.9.x - Remote Code Execution via Terminal Escape Sequence Injection
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
CVE-2008-3076 EXPLOITDB text WRITEUP
Vim - OS Command Injection via Netrw Plugin Filename Handling
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
CVE-2008-2712 EXPLOITDB text WRITEUP
vim < 6.4 - Remote Code Execution via Unsanitized Inputs in Vim Scripts
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.