CVE Tools

xchat

Communicationsoss-project

6

Cumulative CVEs

5

Monthly snapshots

#35

Peak rank

Top products

xchat1 xchat gnome1

Latest CVEs

The 12 most recently published vulnerabilities affecting xchat.

CVE-2012-0828Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitr...9.8Feb 21, 2020
CVE-2013-7449The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows...6.5Apr 21, 2016
CVE-2011-5129Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.5.0Aug 30, 2012
CVE-2009-0315Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerab...6.9Jan 28, 2009
CVE-2008-2841Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs...6.8Jun 24, 2008
CVE-2006-4455Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disput...5.0Aug 30, 2006
CVE-2001-0792Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.7.5Sep 1, 2004
CVE-2004-0409Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code.7.5Apr 17, 2004
CVE-2003-1000xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.7.5Dec 17, 2003
CVE-2002-0006XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command ...7.5Apr 2, 2003
CVE-2002-0382XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.7.5Apr 2, 2003
CVE-2000-0787IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.7.5Oct 13, 2000