EUVD-2001-0086

Malware in sbrugna...

Subscribe Me Pro 2.44 S.PL Remote Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14817/info Subscribe Me Pro is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. Exploitation of this vulnerability could lead to a loss of confidentiality ...

SiteInteractive Subscribe Me Setup.PL Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script remotely and and by passing sufficient...

CGI Script Center Subscribe Me Lite 2.0 Administrative Password Alteration (2)

No description provided by source. source: http://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition o...

CVE-2005-2952

Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. dot dot in the l parameter...

CVE-2005-2952

The CVE-2005-2952 entry concerns a directory traversal vulnerability in Subscribe Me Pro (versions up to 2.044.09P and earlier). The issue arises from a dot-dot (.. ) path traversal in the l parameter of s.pl, allowing remote attackers to read arbitrary files. Affects Subscribe Me Pro 2.044.09P a...

CVE-2005-2952

Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. dot dot in the l parameter...

subpro204409P.txt

------=Part56326909740.1126618894612 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline ------------------------------------------------------ HYA-2005-006 h4cky0u.org Advisory 007...

[Full-disclosure] Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability

-------------------------------------------------------------- HYA-2005-006 h4cky0u.org Advisory 007 -------------------------------------------------------------- Date - Tue Sep 13 2005 TITLE: ====== Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability SEVERITY: ========= High...

Subscribe Me Pro 2.44 - S.pl Directory Traversal

Subscribe Me Pro 2.44 - S.pl Directory Traversal source: https://www.securityfocus.com/bid/14817/info Subscribe Me Pro is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. Exploitation of this vulnerability could lead to a loss of...

Subscribe Me Pro/Enterprise - Remote Code Execution via Backticked Perl Variable Injection.

Pimp industries. "Its all about the Bling, Bitches and Fame!" Subscribe Me Pro/Enterprise All recent versions of Pro/Enterprise Remote Code Execution via Backticked Perl Variable Injection. C Paul Craig Pimp Industries 2003 This advisory is also online at:...

SiteInteractive Subscribe Me - Setup.pl Arbitrary Command Execution

SiteInteractive Subscribe Me - Setup.pl Arbitrary Command Execution source: https://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script...

CVE-2001-0086

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter...

CVE-2001-0086

CVE-2001-0086 affects CGI Script Center Subscribe Me LITE 2.0 and earlier. The vulnerability allows remote attackers to delete arbitrary mailing-list users by directly calling subscribe.pl with the target address as a parameter, without authentication. The NVD entry notes a CVSS v2 base score of ...

Дырка в Subscribe Me

Любой желающий может удалить адрес из списка рассылки...

Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.

note : This is not apparent in the commercial versions, tested on three different versions the author was notified and appropriate changes have since been made. product page - http://www.cgiscriptcenter.com/subscribe/index2.html vendor notice - Security Advisory: Users of Subscribe Me Lite 1.0 -...

CVE-2000-0688

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter...

CVE-2000-0688

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter...

CVE-2000-0688

CVE-2000-0688 concerns Subscribe Me LITE. The vulnerability is that it does not properly authenticate password-change attempts, allowing a remote attacker to gain privileges for the Account Manager by directly invoking subscribe.pl with the setpwd parameter. The available connected documents conf...

Subscribe Me Vulnerability

Product: Subscribe Me Versions: ALL version numbers LITE only OS: Unix and Winnt Vendor: Notified, http://www.cgiscriptcenter.com/ The Problem: Yet again the script allows a remote user to overwrite the Admin Passwd file with any password they see fit. Therefore giving them Admin access to the...