Frederic Guillot

36 exploits Active since Aug 2017
CVE-2017-15195 MEDIUM WRITEUP
Kanboard - Authenticated Authorization Bypass via Swimlane Form Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
CVSS 4.3
CVE-2017-15196 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
CVSS 4.3
CVE-2017-15197 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Category Addition
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
CVSS 4.3
CVE-2017-15198 MEDIUM WRITEUP
Kanboard - Authenticated Private Project Category Modification
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
CVSS 4.3
CVE-2017-15199 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Metadata Modification via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
CVSS 4.3
CVE-2017-15200 MEDIUM WRITEUP
Kanboard - Authenticated Authorization Bypass via Task Form Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
CVSS 4.3
CVE-2017-15201 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Tag Editing
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
CVSS 4.3
CVE-2017-15202 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
CVSS 4.3
CVE-2017-15203 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
CVSS 4.3
CVE-2017-15204 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Automatic Action Form Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
CVSS 4.3
CVE-2017-15206 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Internal Link Injection
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
CVSS 4.3
CVE-2017-15207 MEDIUM WRITEUP
Kanboard - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
CVSS 4.3
CVE-2017-15208 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
CVSS 4.3
CVE-2017-15211 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
CVSS 4.3
CVE-2017-15212 MEDIUM WRITEUP
Kanboard < 1.0.47 - Authenticated Exposure of Sensitive Information via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
CVSS 4.3
CVE-2017-12850 HIGH WRITEUP
kanboard < 1.0.45 - Authenticated Password Reset via Form Data Manipulation
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVSS 8.8
CVE-2017-12851 HIGH WRITEUP
kanboard < 1.0.45 - Authenticated Password Reset to Admin via Form Data Manipulation
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
CVSS 8.8