CVE-2000-0787 | Vulnerability Database | Aqua Security

IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.

Affected Software

Name	Vendor	Start Version	End Version
Xchat	Xchat	1.2.1 (including)	1.2.1 (including)
Xchat	Xchat	1.3.9 (including)	1.3.9 (including)
Xchat	Xchat	1.3.10 (including)	1.3.10 (including)
Xchat	Xchat	1.3.11 (including)	1.3.11 (including)
Xchat	Xchat	1.3.12 (including)	1.3.12 (including)
Xchat	Xchat	1.3.13 (including)	1.3.13 (including)
Xchat	Xchat	1.4 (including)	1.4 (including)
Xchat	Xchat	1.4.1 (including)	1.4.1 (including)
Xchat	Xchat	1.4.2 (including)	1.4.2 (including)
Xchat	Xchat	1.5.6 (including)	1.5.6 (including)
Xchat	Xchat	1.5.xdev (including)	1.5.xdev (including)

References

http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html
http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html
http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.html
http://www.redhat.com/support/errata/RHSA-2000-055.html
http://www.securityfocus.com/bid/1601
http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html
http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html
http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.html
http://www.redhat.com/support/errata/RHSA-2000-055.html
http://www.securityfocus.com/bid/1601

NVD	https://nvd.nist.gov/vuln/detail/CVE-2000-0787
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html