Vulnerabilities (CVE)

Filtered by vendor Xchat Subscribe
Filtered by product Xchat
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-5129 1 Xchat 1 Xchat 2024-11-21 5.0 MEDIUM N/A
Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.
CVE-2009-0315 1 Xchat 1 Xchat 2024-11-21 6.9 MEDIUM N/A
Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
CVE-2008-2841 2 Microsoft, Xchat 3 Internet Explorer, Windows Nt, Xchat 2024-11-21 6.8 MEDIUM N/A
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
CVE-2006-4455 1 Xchat 1 Xchat 2024-11-21 5.0 MEDIUM N/A
** DISPUTED ** Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version".
CVE-2004-0409 1 Xchat 1 Xchat 2024-11-20 7.5 HIGH N/A
Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code.
CVE-2003-1000 1 Xchat 1 Xchat 2024-11-20 5.0 MEDIUM 7.5 HIGH
xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
CVE-2002-0382 1 Xchat 1 Xchat 2024-11-20 7.5 HIGH N/A
XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.
CVE-2002-0006 1 Xchat 1 Xchat 2024-11-20 7.5 HIGH N/A
XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.
CVE-2001-0792 1 Xchat 1 Xchat 2024-11-20 7.5 HIGH N/A
Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.
CVE-2000-0787 1 Xchat 1 Xchat 2024-11-20 7.5 HIGH N/A
IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.
CVE-2012-0828 3 Gnome, Xchat, Xchat-wdk 3 Gtk, Xchat, Xchat-wdk 2024-02-04 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).
CVE-2013-7449 3 Canonical, Hexchat Project, Xchat 4 Ubuntu Linux, Hexchat, Xchat and 1 more 2024-02-04 5.8 MEDIUM 6.5 MEDIUM
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.