Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.

Type securityvulns
Reporter Securityvulns
Modified 2000-12-13T00:00:00


note : This is not apparent in the commercial versions, (tested on three different versions ) the author was notified and appropriate changes have since been made.

product page -

vendor notice -

Security Advisory:

Users of Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT, update today to protect your Subscribe Me Lite from outside access to your administration panel.

[Full disclosure]

yes thats right, the malicious user can cause somewhat considerable damage to a subscribe me lite mailing list if you are using versions 1.0 - 2.0 Unix or 1.0 - 2.0 NT a simple web browser pre-formatted call, can allow an attacker to delete ANY user from the list in the form of

The user will be deleted from the list without any kind of verification whatsoever.

The vendor has updated with this information, please update yours.

Thanks Tom (Digital Vampire) // Enhancing communications since 1998