Bugtraq mailing list archives
Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.
From: Tom Pickles <tom_pickles () HOTMAIL COM>
Date: Tue, 12 Dec 2000 10:25:02 -0000
Note: This is not apparent in the commercial versions (tested on three different versions). The author was notified and appropriate changes have since been made.

Product page - http://www.cgiscriptcenter.com/subscribe/index2.html

Vendor notice - Security Advisory: Users of Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT, update today to protect your Subscribe Me Lite from outside access to your administration panel.

[Full disclosure]

Yes, that's right, the malicious user can cause somewhat considerable damage to a Subscribe Me Lite mailing list if you are using versions 1.0 - 2.0 Unix or 1.0 - 2.0 NT. A simple pre-formatted web browser call can allow an attacker to delete ANY user from the list, in the form of

http://url.to.victim.com/subscribe.pl?some () email com

The user will be deleted from the list without any kind of verification whatsoever. The vendor has updated with this information, please update yours.

Thanks
Tom (Digital Vampire)
IC-CRYPT.com // Enhancing communications since 1998
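The missing verification step described above, as an added example that is not part of the original post and not the vendor's code or fix: the first function models removal driven by the bare query string, the second removes an address only when the request carries an HMAC token that was mailed to that address. The function names, the in-memory subscriber set and the key are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import unquote

# Constructed demo key; a real deployment loads it from protected storage.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def unsubscribe_unverified(subscribers: set, query_string: str) -> bool:
    """Behaviour the advisory describes: the raw query string is the address."""
    email = unquote(query_string).strip().lower()
    if email in subscribers:
        subscribers.discard(email)  # no proof the requester owns the address
        return True
    return False


def make_token(email: str, key: bytes = SECRET_KEY) -> str:
    """Token placed in the unsubscribe link mailed to this subscriber only."""
    normalized = email.strip().lower().encode()
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


def unsubscribe_verified(subscribers: set, email: str, token: str,
                         key: bytes = SECRET_KEY) -> bool:
    """Remove the address only if the token was issued for that address."""
    email = email.strip().lower()
    expected = make_token(email, key)
    # Constant-time comparison; bytes are used so any input string is accepted.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False
    if email not in subscribers:
        return False
    subscribers.discard(email)
    return True


if __name__ == "__main__":
    # Constructed sample list.
    members = {"alice@example.org", "bob@example.org"}
    print(unsubscribe_unverified(set(members), "alice%40example.org"))
    print(unsubscribe_verified(members, "alice@example.org", "guess"))
    print(unsubscribe_verified(members, "alice@example.org",
                               make_token("alice@example.org")))
```

Because the token is bound to one address, a link mailed to one subscriber cannot be reused to remove another.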