FreeBSD : vim -- multiple vulnerabilities in the netrw module (0e1e3789-d87f-11dd-8ecd-00163e000016)
High Nessus Plugin ID 35283
The remote FreeBSD host is missing one or more security-related updates.
Jan Minar reports : Applying the ``D'' to a file with a crafted file name, or inside a directory with a crafted directory name, can lead to arbitrary code execution. Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name. The Vim Netrw Plugin shares the FTP user name and password across all FTP sessions. Every time Vim makes a new FTP connection, it sends the user name and password of the previous FTP session to the FTP server.