Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
orca vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-2919
Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
Boonex Orca 2.0
Boonex Orca 2.0.2
NA
CVE-2008-5167
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
Boonex Orca 2.0
Boonex Orca 2.0.2
1 EDB exploit
7.5
CVSSv3
CVE-2020-9298
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an malicious user to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.
Spinnaker Orca
9.8
CVSSv3
CVE-2021-35963
The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated malicious users to upload files containing malicious script to execute RCE attacks.
Learningdigital Orca Hcm
9.8
CVSSv3
CVE-2021-35964
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote malicious users to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causin...
Learningdigital Orca Hcm
9.8
CVSSv3
CVE-2021-35965
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.
Learningdigital Orca Hcm
6.1
CVSSv3
CVE-2021-35966
The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.
Learningdigital Orca Hcm
5.3
CVSSv3
CVE-2021-35967
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.
Learningdigital Orca Hcm
4.3
CVSSv3
CVE-2021-35968
The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges.
Learningdigital Orca Hcm
NA
CVE-2005-3815
SQL injection vulnerability in forum.php in Orca Forum 4.3b and previous versions allows remote malicious users to execute arbitrary SQL commands via the msg parameter.
Greywyvern Orca Forum
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »