CVE-2016-2087

Published: 18/01/2017 Updated: 02/02/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.

Vulnerable Product

hexchat project hexchat 2.11.0

Vendor Advisories

Debian Bug report logs - #852275
hexchat: CVE-2016-2087
Package: src:hexchat; Maintainer for src:hexchat is Mattia Rizzolo <mattia@debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 23 Jan 2017 05:33:02 UTC
Severity: important
Tags: security
Found in version hexchat/2101-1
Fixed in versi ...

Exploits

#!/usr/bin/python
#
# ####################
# Meta information
# ####################
# Exploit Title: Hexchat IRC client - Server name log directory traversal
# Date: 2016-01-26
# Exploit Author: PizzaHatHacker
# Vendor Homepage: hexchat.github.io/index.html
# Software Link: hexchat.github.io/downloads.html
# Version: 2.11.0
# Tested ...

Hexchat IRC client version 2.11.0 suffers from a directory traversal vulnerability ...