Page 7 of 33 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12850

https://notcve.org/view.php?id=CVE-2017-12850

An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46. Un usuario estándar autenticado podría resetear la contraseña de otros usuarios (incluyendo al administrador) alterando los datos del formulario. Afecta a kanboard en versiones anteriores a la 1.0.46. • http://www.securityfocus.com/bid/100352 https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12851

https://notcve.org/view.php?id=CVE-2017-12851

An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46. Un usuario estándar autenticado podría resetear la contraseña del administrador alterando los datos del formulario. Afecta a kanboard en versiones anteriores a la 1.0.46. • http://www.securityfocus.com/bid/100352 https://github.com/kanboard/kanboard/commit/b79b18efd7a1a8b591753a4eddd473f88d55b7df • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 1

CVE-2014-3920 – Kanboard 1.0.5 Cross Site Request Forgery

https://notcve.org/view.php?id=CVE-2014-3920

Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI. Vulnerabilidad de CSRF en Kanboard anterior a 1.0.6 permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que añaden un usuario administrativo a través de una acción de guardar en la URI por defecto. Kanboard version 1.0.5 suffers from a cross site request forgery vulnerability. • http://kanboard.net/news http://www.securityfocus.com/archive/1/532619/100/0/threaded https://www.htbridge.com/advisory/HTB23217 • CWE-352: Cross-Site Request Forgery (CSRF) •