Computer Security
[EN] securityvulns.ru no-pyccku


Quassel IRC client command injection
Published:30.10.2008
Source:
SecurityVulns ID:9395
Type:client
Threat Level:
5/10
Description:A CTCP ping where the value contains a CTCP quoted newline ('\020' + 'n') will let the Quassel core reply with a message containing an unquoted newline ('\n'). The IRC server interprets this as a command separator.
Affected:QUASSELIRC : Quassel IRC 0.3
Original documentdocumentWouter Coekaerts, Quassel IRC: connection hijacking (30.10.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod