6 matches found
Missing CSRF protection
Description Any user can add questions in the FAQ section -- https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 This section is vulnerable to CSRF. The attacker can abuse this without any prior knowledge of the victim. A successful CSRF will send new questions from the victim's browser Captur...
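To make the mechanism behind this report concrete, the following is an added example (not code from the report or from phpMyFAQ) that models the "ask a question" request handler in two forms: one that accepts any POST carrying a valid session cookie, and one that additionally requires a per-session CSRF token and checks the Origin header. The session store, handler names, the `csrf_token` field name and the attacker origin are assumptions for illustration; the `action=ask&categoryid=0` endpoint and the demo host are taken from the report.

```python
"""Model of a CSRF-prone form handler and its hardened counterpart.

Added example, not phpMyFAQ's code. Session store, function names, the
'csrf_token' form field and the attacker origin are assumptions.
"""
import hmac
import secrets

SITE_ORIGIN = "https://roy.demo.phpmyfaq.de"   # host from the report
ASK_PATH = "/index.php?action=ask&categoryid=0"

# Constructed in-memory session store: session cookie -> per-session token.
SESSIONS = {}


def start_session():
    """Log a user in: mint a session cookie and a random token bound to it."""
    cookie = secrets.token_hex(16)
    SESSIONS[cookie] = secrets.token_hex(32)
    return cookie


def csrf_token_for(cookie):
    """Token the legitimate 'ask' form would embed as a hidden field."""
    return SESSIONS[cookie]


def handle_ask_vulnerable(cookie, form, origin=None):
    """Accepts any POST that carries a valid session cookie.

    The browser attaches the cookie automatically, so a form auto-submitted
    from an attacker's page is indistinguishable from the user's own submit.
    """
    if cookie not in SESSIONS:
        return 403, None
    return 200, {"question": form["question"], "categoryid": form["categoryid"]}


def handle_ask_hardened(cookie, form, origin=None):
    """Requires a token that matches the one issued to this session, and
    rejects requests whose Origin header names a foreign site.

    Origin is defence in depth only: older clients may omit it, so a missing
    header is tolerated and the token check carries the real weight.
    """
    if cookie not in SESSIONS:
        return 403, None
    if origin is not None and origin != SITE_ORIGIN:
        return 403, None
    expected = SESSIONS[cookie].encode()
    supplied = str(form.get("csrf_token", "")).encode()
    # Constant-time comparison so a wrong token is not distinguishable by timing.
    if not hmac.compare_digest(expected, supplied):
        return 403, None
    return 200, {"question": form["question"], "categoryid": form["categoryid"]}


def forged_request(victim_cookie):
    """What the victim's browser sends when it renders an attacker page that
    auto-submits a form to ASK_PATH: the victim's cookie is present, no token
    is known to the attacker, and the Origin header names the attacker's site.
    """
    form = {"question": "planted by attacker", "categoryid": "0"}
    return victim_cookie, form, "https://attacker.example"


if __name__ == "__main__":
    victim = start_session()
    cookie, form, origin = forged_request(victim)
    print("vulnerable:", handle_ask_vulnerable(cookie, form, origin)[0])  # 200
    print("hardened:  ", handle_ask_hardened(cookie, form, origin)[0])    # 403
```

The hardened handler ties the token to the session rather than to the user account, so a token leaked from one session cannot be replayed in another; rotating it on login prevents session fixation from pre-seeding a known token.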
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description The FAQ section of LiveHelperChat can be modified by listing some new questions/answers. However, the template is used incorrectly, resulting in a client-side template injection (CSTI) which leads to stored XSS. 🕵️♂️ Proof of Concept 1. Install the livechat 2. Go to https://your-host.com/siteadmin/faq/view/1...
UK banks hit by Ramnit banking malware and social engineering attacks
A dangerous variant of the Ramnit malware has been discovered targeting the UK's financial sector. Trusteer claims to have discovered an interesting trojan-based attack technique that injects highly convincing and interactive real-time messages into the user's Web stream that they encounter when...
Zeus Source Code Leaked
The source code to the infamous Zeus crimeware kit, which has been sold on underground forums for years, has been leaked and is now available for anyone to see if they know where to look. Security researchers over the weekend noticed that files that appeared to contain the source code for the Zeu...
Design/Logic Flaw
The FAQ section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined idcat variable...
CVE-2007-0385
The FAQ section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined idcat variable...