Frederic Guillot

21 exploits, active since Aug 2017
CVE-2017-12850 HIGH WRITEUP
Kanboard < 1.0.45 - Password Reset Weakness
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVSS 8.8
CVE-2017-12851 HIGH WRITEUP
Kanboard < 1.0.45 - Password Reset Weakness
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
CVSS 8.8
CVE-2017-15195 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
CVSS 4.3
CVE-2017-15196 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
CVSS 4.3
CVE-2017-15197 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
CVSS 4.3
CVE-2017-15198 MEDIUM WRITEUP
Kanboard - Information Disclosure
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
CVSS 4.3
CVE-2017-15199 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
CVSS 4.3
CVE-2017-15200 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
CVSS 4.3
CVE-2017-15201 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
CVSS 4.3
CVE-2017-15202 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
CVSS 4.3
CVE-2017-15203 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
CVSS 4.3
CVE-2017-15204 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
CVSS 4.3
CVE-2017-15205 MEDIUM WRITEUP
Kanboard - Information Disclosure
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
CVSS 4.3
CVE-2017-15206 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
CVSS 4.3
CVE-2017-15207 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
CVSS 4.3
CVE-2017-15208 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
CVSS 4.3
CVE-2017-15209 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
CVSS 4.3
CVE-2017-15210 MEDIUM WRITEUP
Kanboard - Information Disclosure
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
CVSS 4.3
CVE-2017-15211 MEDIUM WRITEUP
Kanboard - IDOR
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
CVSS 4.3
CVE-2017-15212 MEDIUM WRITEUP
Kanboard - Information Disclosure
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
CVSS 4.3
CVE-2025-52576 MEDIUM WRITEUP
Kanboard < 1.2.46 - Information Disclosure
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine valid usernames and circumvent rate-limiting or blocking mechanisms. Any organization running a publicly accessible Kanboard instance is affected, especially if relying on IP-based protections like Fail2Ban or CAPTCHA for login rate-limiting. Attackers with access to the login page can exploit this flaw to enumerate valid usernames and bypass IP-based blocking mechanisms, putting all user accounts at higher risk of brute-force or credential stuffing attacks. Version 1.2.46 contains a patch for the issue.
CVSS 5.3