COMMAND

    Subscribe Me

SYSTEMS AFFECTED

    Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.

PROBLEM

    Tom Pickles  found following.   Users of  Subscribe Me  Lite 1.0 -
    2.0 Unix or 1.0 - 2.0  NT, update today to protect your  Subscribe
    Me Lite from outside access to your administration panel.

    Yes  thats   right,  the   malicious  user   can  cause   somewhat
    considerable damage  to a  subscribe me  lite mailing  list if you
    are using versions  1.0 - 2.0  Unix or 1.0  - 2.0 NT  a simple web
    browser pre-formatted call,  can allow an  attacker to delete  ANY
    user from the list in the form of

        http://url.to.victim.com/subscribe.pl?some@email.com

    The  user  will  be  deleted  from  the  list  without any kind of
    verification whatsoever.

SOLUTION

    The vendor has updated with this information, please update yours.