Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Interchange Security Vulnerabilities

cve
cve

CVE-2002-0874

Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files.

6.6AI Score

0.009EPSS

2002-09-05 04:00 AM
32
cve
cve

CVE-2003-1138

The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).

6.7AI Score

0.026EPSS

2022-10-03 04:15 PM
25
cve
cve

CVE-2004-0374

Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "SQLUSER " string.

6.8AI Score

0.028EPSS

2004-05-04 04:00 AM
23
cve
cve

CVE-2005-3072

SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

8.4AI Score

0.006EPSS

2005-09-27 07:03 PM
26
cve
cve

CVE-2005-3073

Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page.

6.5AI Score

0.006EPSS

2005-09-27 07:03 PM
26
cve
cve

CVE-2007-2635

Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests.

6.5AI Score

0.006EPSS

2007-05-13 11:19 PM
25
cve
cve

CVE-2008-2423

Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635.

6.5AI Score

0.019EPSS

2008-05-23 03:33 PM
19
cve
cve

CVE-2008-2424

Unspecified vulnerability in the 404 error page for the "Standard demo" in Interchange before 5.6.0 and before 5.5.2 has unknown impact and attack vectors.

6.6AI Score

0.004EPSS

2008-05-23 03:33 PM
21
cve
cve

CVE-2008-6945

Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the valu...

6AI Score

0.004EPSS

2009-08-12 10:30 AM
17
cve
cve

CVE-2020-12685

XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript.

6.1CVSS

6AI Score

0.001EPSS

2020-05-15 05:15 PM
60