[ SOURCE: http://www.secureroot.com/security/advisories/9768327092.html ] note : This is not apparent in the commercial versions, (tested on three different versions ) the author was notified and appropriate changes have since been made. product page - http://www.cgiscriptcenter.com/subscribe/index2.html vendor notice - Security Advisory: Users of Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT, update today to protect your Subscribe Me Lite from outside access to your administration panel. [Full disclosure] yes thats right, the malicious user can cause somewhat considerable damage to a subscribe me lite mailing list if you are using versions 1.0 - 2.0 Unix or 1.0 - 2.0 NT a simple web browser pre-formatted call, can allow an attacker to delete ANY user from the list in the form of http://url.to.victim.com/subscribe.pl?some@email.com The user will be deleted from the list without any kind of verification whatsoever. The vendor has updated with this information, please update yours. Thanks Tom (Digital Vampire) IC-CRYPT.com // Enhancing communications since 1998