CVE-2016-2087 – Hexchat IRC Client 2.11.0 - Directory Traversal

https://notcve.org/view.php?id=CVE-2016-2087

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. Vulnerabilidad de salto de directorio en el cliente en HexChat 2.11.0 permite a servidores IRC remotos leer o modificar archivos arbitrarios a través de un .. (punto punto) en el nombre del servidor. Hexchat IRC client version 2.11.0 suffers from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/39656 http://packetstormsecurity.com/files/136564/Hexchat-IRC-Client-2.11.0-Directory-Traversal.html http://www.securityfocus.com/bid/95881 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •