VYPR

Interchange

by Interchange Development Group

CVEs (10)

  • CVE-2004-0374May 4, 2004
    risk 0.03cvss epss 0.03

    Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.

  • CVE-2002-0874Sep 5, 2002
    risk 0.03cvss epss 0.06

    Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files.

  • CVE-2001-0097Feb 12, 2001
    risk 0.03cvss epss 0.03

    The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request.

  • CVE-2008-6945Aug 12, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or…

  • CVE-2008-2424May 23, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors.

  • CVE-2008-2423May 23, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635.

  • CVE-2007-2635May 13, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests.

  • CVE-2005-3072Sep 27, 2005
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2005-3073Sep 27, 2005
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the…

  • CVE-2004-2668Dec 31, 2004
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.