The ShipStation plugin for CS-Cart version v1.0.10 and earlier allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked.
The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL.
I'm about half-way through Assassin's Creed 4: Black Flag, and so far it's been pretty cool but somewhat predictable.
I knew right away about James Kidd so that came as no surprise, and now I'm just wondering if my other predictions will be true or not. I just finished Marooned, and at this point I'd guess:
... which is fine I suppose, but what gets me is the time and place at which they chose to make sure this is you.
I went to pay my Xbox bill on (stupid) xbox.com -- turns out they had my old credit card info. Whatever. So I then proceeded to update my credit card info, and it wouldn't let me continue unless they "made sure it was me".
Great! Seriously! I was glad to see that they were looking out for my security. UNTIL I realized
