Interchange
by Interchange Development Group
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0374 | 0.03 | — | 0.03 | May 4, 2004 | Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string. | |||
| CVE-2002-0874 | 0.03 | — | 0.06 | Sep 5, 2002 | Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files. | |||
| CVE-2001-0097 | 0.03 | — | 0.03 | Feb 12, 2001 | The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request. | |||
| CVE-2008-6945 | 0.00 | — | 0.01 | Aug 12, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or… | |||
| CVE-2008-2424 | 0.00 | — | 0.02 | May 23, 2008 | Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors. | |||
| CVE-2008-2423 | 0.00 | — | 0.04 | May 23, 2008 | Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635. | |||
| CVE-2007-2635 | 0.00 | — | 0.02 | May 13, 2007 | Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests. | |||
| CVE-2005-3072 | 0.00 | — | 0.02 | Sep 27, 2005 | SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||
| CVE-2005-3073 | 0.00 | — | 0.01 | Sep 27, 2005 | Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the… | |||
| CVE-2004-2668 | 0.00 | — | 0.01 | Dec 31, 2004 | SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
- CVE-2004-0374May 4, 2004risk 0.03cvss —epss 0.03
Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.
- CVE-2002-0874Sep 5, 2002risk 0.03cvss —epss 0.06
Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files.
- CVE-2001-0097Feb 12, 2001risk 0.03cvss —epss 0.03
The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request.
- CVE-2008-6945Aug 12, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or…
- CVE-2008-2424May 23, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors.
- CVE-2008-2423May 23, 2008risk 0.00cvss —epss 0.04
Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635.
- CVE-2007-2635May 13, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests.
- CVE-2005-3072Sep 27, 2005risk 0.00cvss —epss 0.02
SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
- CVE-2005-3073Sep 27, 2005risk 0.00cvss —epss 0.01
Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the…
- CVE-2004-2668Dec 31, 2004risk 0.00cvss —epss 0.01
SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.