CVE-2004-0374
Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "SQLUSER" string.
| Software | From | Fixed in |
|---|---|---|
| interchange_development_group / interchange | 4.8.4 | 4.8.4.x |
| interchange_development_group / interchange | 4.8.1 | 4.8.1.x |
| interchange_development_group / interchange | 4.8.3 | 4.8.3.x |
| interchange_development_group / interchange | 5.0 | 5.0.x |
| interchange_development_group / interchange | 4.8.9 | 4.8.9.x |
| interchange_development_group / interchange | 4.8.6 | 4.8.6.x |
| interchange_development_group / interchange | 4.8.7 | 4.8.7.x |
| interchange_development_group / interchange | 4.8.5 | 4.8.5.x |
| interchange_development_group / interchange | 4.8.8 | 4.8.8.x |
| interchange_development_group / interchange | 4.8.2 | 4.8.2.x |
- http://ftp.icdevgroup.org/interchange/5.0/WHATSNEW
- http://secunia.com/advisories/11234
- http://www.debian.org/security/2004/dsa-471
- http://www.icdevgroup.org/pipermail/interchange-announce/2004/000043.html
- http://www.securityfocus.com/bid/10005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15670
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime