ORCA
Products
5- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-0643 | Med | 0.43 | 6.6 | 0.01 | Sep 7, 2018 | Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2026-25599 | Med | 0.41 | 6.3 | 0.00 | Jun 1, 2026 | Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca… | ||
| CVE-2021-35967 | Med | 0.35 | 5.3 | 0.01 | Jul 19, 2021 | The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in. | ||
| CVE-2005-3940 | 0.03 | — | 0.01 | Dec 1, 2005 | SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||
| CVE-2005-3815 | 0.03 | — | 0.01 | Nov 26, 2005 | SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. |
- risk 0.43cvss 6.6epss 0.01
Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
- risk 0.41cvss 6.3epss 0.00
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca…
- risk 0.35cvss 5.3epss 0.01
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.
- CVE-2005-3940Dec 1, 2005risk 0.03cvss —epss 0.01
SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter.
- CVE-2005-3815Nov 26, 2005risk 0.03cvss —epss 0.01
SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.