SECURITYVULNS:DOC:1057
Dec 13, 2000

Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.


Note: This is not apparent in the commercial versions (tested on three
different versions).
The author was notified and appropriate changes have since been made.

product page -

http://www.cgiscriptcenter.com/subscribe/index2.html

vendor notice -

Security Advisory:

Users of Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT, update today to
protect your Subscribe Me Lite from outside access to your administration
panel.

[Full disclosure]

Yes, that's right: a malicious user can cause somewhat considerable damage
to a Subscribe Me Lite mailing list if you are using versions 1.0 - 2.0 Unix
or 1.0 - 2.0 NT. A simple pre-formatted web browser call can allow an
attacker to delete ANY user from the list, in the form of

http://url.to.victim.com/[email protected]

The user will be deleted from the list without any kind of verification
whatsoever.

The vendor has updated with this information; please update yours.

Thanks
Tom (Digital Vampire)

IC-CRYPT.com // Enhancing communications since 1998
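
One way to close this class of hole, shown as an added example (it is not the vendor's fix and not code from the advisory): refuse state changes over GET and remove an address only when the request carries an expiring HMAC token that was mailed to that address. The handler, parameter names, key and sample addresses are hypothetical.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret; in practice loaded from protected config.
SECRET_KEY = b"constructed-demo-key-replace-me"
TOKEN_TTL = 24 * 3600  # seconds a mailed confirmation link stays valid


def _sign(email, expires):
    # Bind the signature to the action, the normalised address and the expiry.
    msg = "unsubscribe|{}|{}".format(email.strip().lower(), expires).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_token(email, now=None):
    """Token sent by mail to the subscriber, so only the mailbox owner holds it."""
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    return "{}.{}".format(expires, _sign(email, expires))


def verify_token(email, token, now=None):
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False  # malformed or missing token
    if (time.time() if now is None else now) > expires:
        return False  # link expired
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    return hmac.compare_digest(sig.encode(), _sign(email, expires).encode())


def handle_unsubscribe(method, params, subscribers, now=None):
    """Returns (status, message); the list changes only after verification."""
    email = params.get("email", "").strip().lower()
    if method != "POST":
        return 405, "state changes require POST"
    if not verify_token(email, params.get("token", ""), now):
        return 403, "missing or invalid confirmation token"
    subscribers.discard(email)  # same reply whether or not the address existed
    return 200, "unsubscribed"
```

A bare browser call carrying only an address now gets 405 or 403 and the list is unchanged; a token issued for one address does not remove another.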