Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
orca vulnerabilities and exploits
(subscribe to this query)
935
VMScore
CVE-2008-5167
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
Boonex Orca 2.0
Boonex Orca 2.0.2
1 EDB exploit
312
VMScore
CVE-2009-2919
Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
Boonex Orca 2.0
Boonex Orca 2.0.2
445
VMScore
CVE-2020-9298
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an malicious user to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.
Spinnaker Orca
755
VMScore
CVE-2005-3815
SQL injection vulnerability in forum.php in Orca Forum 4.3b and previous versions allows remote malicious users to execute arbitrary SQL commands via the msg parameter.
Greywyvern Orca Forum
1 EDB exploit
755
VMScore
CVE-2005-3940
SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and previous versions allows remote malicious users to execute arbitrary SQL commands via the start parameter.
Greywyvern Orca Ringmaker
1 EDB exploit
755
VMScore
CVE-2005-3941
SQL injection vulnerability in blog.php in Orca Blog 1.3b and previous versions allows remote malicious users to execute arbitrary SQL commands via the msg parameter.
Greywyvern Orca Blog
1 EDB exploit
755
VMScore
CVE-2005-3942
SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and previous versions allows remote malicious users to execute arbitrary SQL commands via the qid parameter.
Greywyvern Orca Knowledgebase
1 EDB exploit
890
VMScore
CVE-2021-35963
The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated malicious users to upload files containing malicious script to execute RCE attacks.
Learningdigital Orca Hcm
890
VMScore
CVE-2021-35965
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.
Learningdigital Orca Hcm
445
VMScore
CVE-2021-35967
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.
Learningdigital Orca Hcm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »