32 matches found
CVE-2024-10342
The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2024-10342 League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2024-10341 League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) SQL Injection via Shortcode
The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2024-10341
CVE-2024-10341 relates to the WordPress plugin League of Legends Shortcodes. The vulnerability is an SQL Injection in the plugin’s shortcode for versions up to and including 1.0.1, caused by insufficient escaping of the user-supplied parameter and inadequate preparation of the SQL query. Exploita...
CVE-2024-10341 League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) SQL Injection via Shortcode
The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
WordPress plugin League of Legends Shortcodes SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A SQL injection vulnerability exists in the WordPress plugi...
WordPress League of Legends Shortcodes plugin <= 1.0.1 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by István Márton in WordPress Plugin League of Legends Shortcodes versions = 1.0.1...
WordPress League of Legends Shortcodes plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin League of Legends Shortcodes versions = 1.0.1...
WordPress League of Legends Shortcodes Plugin <= 1.0.1 is vulnerable to SQL Injection
Software League of Legends Shortcodes Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10341 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID e710f3b6d815 Credits István Márton Required privilege...
WordPress League of Legends Shortcodes Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software League of Legends Shortcodes Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10342 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a6f27a15f3e2 Credits István Márto...
Fake League of Legends Download Ads Spread Lumma Stealer Malware
League of Legends fans beware! A new malware campaign targeting the League of Legends World Championship is spreading…...
A week in security (January 30 - February 5)
Last week on Malwarebytes Labs: A private moment, caught by a Roomba, ended up on Facebook. Eileen Guo explains how: Lock and Code S04E03 New data wipers deployed against Ukraine Update your LearnPress plugins now! Riot Games refuses to pay ransom to avoid League of Legends leak Analyzing and...
Riot Games refuses to pay ransom to avoid League of Legends leak
After confirming threat actors were able to steal some of its code, Riot Games has also revealed that it received a ransom email from its attacker. The attackers demanding $10 million to stop them leaking source code from League of Legend's and other games. Riot's reply? Today, we received a rans...
lolfeedback SQL注入漏洞
lolfeedback is an app by Philip B. Personal Developer. After linking your League of Legends account to LoLFeedback, feedback can only be provided to players you have played or A SQL injection vulnerability exists in lolfeedback, which stems from an unknown functionality impact and operates to cau...
Riot Games League Of Legends Insecure File Permissions Privilege Escalation
------------------------------------------------------------------------------------ Exploit Title: Riot Games League of Legends Insecure File Permissions Privilege Escalation Date: 03/06/16 Exploit Author: Cyril Vallicari i give credit also to Vincent Yiu he probably found this too Vendor...
Riot Games League of Legends - Insecure File Permissions Privilege Escalation
Exploit for windows platform in category local exploits ------------------------------------------------------------------------------------ Exploit Title: Riot Games League of Legends Insecure File Permissions Privilege Escalation Date: 03/06/16 Exploit Author: Cyril Vallicari i give credit also...
Riot Games League of Legends - Insecure File Permissions Privilege Escalation
Riot Games League of Legends - Insecure File Permissions Privilege Escalation ------------------------------------------------------------------------------------ Exploit Title: Riot Games League of Legends Insecure File Permissions Privilege Escalation Date: 03/06/16 Exploit Author: Cyril...
Riot Games League of Legends - Insecure File Permissions Privilege Escalation
------------------------------------------------------------------------------------ Exploit Title: Riot Games League of Legends Insecure File Permissions Privilege Escalation Date: 03/06/16 Exploit Author: Cyril Vallicari i give credit also to Vincent Yiu he probably found this too Vendor...
League of Legends Screensaver - Insecure File Permissions Privilege Escalation
League of Legends Screensaver - Insecure File Permissions Privilege Escalation Exploit Title: League of Legends Screensaver Insecure File Permissions Privilege Escalation CVE-ID: NA Date: 13/04/2016 Exploit Author: Vincent Yiu Contact: [email protected] Vendor Homepage:...
League Of Legends Screensaver Unquoted Service Path Privilege Escalation
Exploit Title: League of Legends Screensaver Unquoted Service Paths Conditional Privilege Escalation. CVE-ID: NA Date: 13/04/2016 Exploit Author: Vincent Yiu Contact: [email protected] Vendor Homepage: http://www.leagueoflegends.com Software Link: screensaver.euw.leagueoflegends.com/enUS...