5 matches found
CVE-2004-0374
CVE-2004-0374 affects Interchange prior to 5.0.1. The root cause is missing input sanitising, enabling remote attackers to expose the content of arbitrary variables and read or modify sensitive SQL information via an HTTP request ending with SQLUSER . The Debian advisories (DSA-471) note fixes: w...
CVE-2005-3073
Interchange 5.0.1 has an unspecified vulnerability that, when a catalog is created with the demo suites (mike, standard, or foundation), allows injection of Interchange Tag Language (ITL) elements into the forum/submit.html page. Affected products/versions include Interchange 4.9.3, 5.0 before 5....
CVE-2007-2635
CVE-2007-2635 affects Interchange prior to 5.4.2 (and related lines) with an unspecified vulnerability that allows remote attackers to cause a denial of service (potential server hang) via crafted HTTP requests. Multiple sources confirm the issue and the fix is to upgrade to Interchange 5.4.2 or ...
CVE-2005-3072
CVE-2005-3072 corresponds to a SQL injection in Interchange that affects versions 4.9.3 up to 5.2.0, specifically via the forum/submit.html handling. The vulnerability allows remote attackers to execute arbitrary SQL commands; the exact injection vectors are not clearly described in the provided ...
CVE-2008-2423
Interchange vulnerability CVE-2008-2423 affects Interchange prior to 5.6.0 and prior to 5.5.2, allowing remote DoS via crafted HTTP requests. Root cause not detailed in the provided documents. Impact is denial of service; no exploitation status is stated. Remediation indicated by the references i...