7 matches found
SUSE CVE-2013-6404
Quassel core server daemon in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in 1 16/selectbufferbyid.sql, 2 16/selectbufferbyid.sql, and 3 16/selectbufferbyid.sql i...
Mageia: Security Advisory (MGASA-2013-0362)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)
Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated malicious user using a custom client, could access the backlog of all users of a quassel core. This fixes CVE-2013-6404 bnc852847. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...
CVE-2013-6404
Quassel core server daemon in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in 1 16/selectbufferbyid.sql, 2 16/selectbufferbyid.sql, and 3 16/selectbufferbyid.sql i...
CVE-2013-6404
Affected software : Quassel IRC – Quassel core (server daemon) prior to version 0.9.2. Vulnerability : Improper verification of the user ID when accessing user backlogs, allowing remote authenticated users to read other users’ backlogs via the bufferid in specific SQL queries (core/SQL/PostgreSQL...
Updated quassel package fixes security vulnerability
Security vulnerability in Quassel before 0.9.2 through which a manipulated, but properly authenticated client was able to retrieve the backlog of other users on the same core in some cases CVE-2013-6404...
MGASA-2013-0362 Updated quassel package fixes security vulnerability
Security vulnerability in Quassel before 0.9.2 through which a manipulated, but properly authenticated client was able to retrieve the backlog of other users on the same core in some cases CVE-2013-6404...