jer's blog

Minimum requirements for CVE-2020-8889

Minimum requirements:

SA: ShipStation plugin for CS-Cart - incorrect access control, compromised database integrity


The ShipStation plugin for CS-Cart, version 1.0.10 and earlier, allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked.

Additional information:

SA: ShipStation plugin for CS-Cart - Incorrect Access Control


The ShipStation plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL.

Additional information:

AC4 predictions

I'm about half-way through Assassin's Creed 4: Black Flag, and so far it's been pretty cool but somewhat predictable.

I knew right away about James Kidd so that came as no surprise, and now I'm just wondering if my other predictions will be true or not. I just finished Marooned, and at this point I'd guess:

Tuts My Barreh

Tuts My Barreh - Dub

Apparently the karaoke guy nailed it. ;)

Microsoft / Xbox wants to "make sure this is you"

... which is fine I suppose, but what gets me is the time and place at which they chose to make sure this is you.

I went to pay my Xbox bill on (stupid) -- turns out they had my old credit card info. Whatever. So I then proceeded to update my credit card info, and it wouldn't let me continue unless they "made sure it was me".

Great! Seriously! I was glad to see that they were looking out for my security. UNTIL I realized
