CVE-2013-6404

NONECVSS 0.0

0.0

Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.

🔗 References (16)

secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html
secalert@redhathttp://osvdb.org/100432
secalert@redhathttp://quassel-irc.org/node/123
secalert@redhathttp://secunia.com/advisories/55640
secalert@redhathttp://www.openwall.com/lists/oss-security/2013/11/28/8
secalert@redhathttps://exchange.xforce.ibmcloud.com/vulnerabilities/89377
secalert@redhathttps://github.com/quassel/quassel/commit/a1a24da
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/100432
af854a3a-2127-422b-91ae-364da2661108http://quassel-irc.org/node/123
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55640
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/11/28/8
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/89377

Is Your Infrastructure Affected by CVE-2013-6404?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-6404

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-6404?