
CVE ID: CVE-2013-6404
Description: Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.
Test IDs: 1.3.6.1.4.1.25623.1.1.10.2013.0362  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2013-6404
http://www.openwall.com/lists/oss-security/2013/11/28/8
http://osvdb.org/100432
http://secunia.com/advisories/55640
SuSE Security Announcement: openSUSE-SU-2013:1929
http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html
SuSE Security Announcement: openSUSE-SU-2014:0114
http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html
XForce ISS Database: quasselirc-cve20136404-sec-bypass(89377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89377