Product: Subscribe Me Versions: All version number, LITE only Vendor: Notified, http://www.cgiscriptcenter.com/ The Problem: Once again a remote user can alter the Admin Password for the Subscribe Me Admin Control Panel. Allowing a user to add and remove ppl from the list as well as initiate a mailling with a message body of their choice. Exploit: See the html attachment included. Patches: There should be one shortly after they fix Account Manager :) n30@alldas.de