Xchat

Xchat

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2012-0828

  • EPSS 5.89%
  • Published 21.02.2020 18:15:11
  • Last modified 21.11.2024 01:35:48

Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing char...

6.5

CVE-2013-7449

  • EPSS 0.15%
  • Published 21.04.2016 14:59:00
  • Last modified 12.04.2025 10:46:40

The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

5

CVE-2011-5129

Exploit
  • EPSS 30.07%
  • Published 30.08.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.

6.9

CVE-2009-0315

  • EPSS 0.06%
  • Published 28.01.2009 11:30:00
  • Last modified 09.04.2025 00:30:58

Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

6.8

CVE-2008-2841

  • EPSS 31.19%
  • Published 24.06.2008 19:41:00
  • Last modified 09.04.2025 00:30:58

Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.

5

CVE-2006-4455

  • EPSS 47.51%
  • Published 30.08.2006 16:04:00
  • Last modified 03.04.2025 01:03:51

Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affec...

7.5

CVE-2004-0409

  • EPSS 26.77%
  • Published 01.06.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code.

7.5

CVE-2003-1000

  • EPSS 1.11%
  • Published 05.01.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.

7.5

CVE-2002-0006

  • EPSS 8.63%
  • Published 25.06.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in...

7.5

CVE-2002-0382

  • EPSS 1.08%
  • Published 25.06.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.