Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
orca vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2009-2919
Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
Boonex Orca 2.0
Boonex Orca 2.0.2
9.3
CVSSv2
CVE-2008-5167
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
Boonex Orca 2.0
Boonex Orca 2.0.2
1 EDB exploit
5
CVSSv2
CVE-2020-9298
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an malicious user to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.
Spinnaker Orca
7.5
CVSSv2
CVE-2005-3940
SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and previous versions allows remote malicious users to execute arbitrary SQL commands via the start parameter.
Greywyvern Orca Ringmaker
1 EDB exploit
7.5
CVSSv2
CVE-2005-3941
SQL injection vulnerability in blog.php in Orca Blog 1.3b and previous versions allows remote malicious users to execute arbitrary SQL commands via the msg parameter.
Greywyvern Orca Blog
1 EDB exploit
10
CVSSv2
CVE-2021-35963
The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated malicious users to upload files containing malicious script to execute RCE attacks.
Learningdigital Orca Hcm
10
CVSSv2
CVE-2021-35965
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.
Learningdigital Orca Hcm
5
CVSSv2
CVE-2021-35967
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.
Learningdigital Orca Hcm
7.5
CVSSv2
CVE-2021-35964
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote malicious users to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causin...
Learningdigital Orca Hcm
5.8
CVSSv2
CVE-2021-35966
The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.
Learningdigital Orca Hcm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »