Launchpad.net

CVE 2016-2087

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.

See the CVE page on Mitre.org for more details.

References