There's a new advisory out that can be very damaging to a lot of sites, but has been found in osCommerce in particular dealing with "HTTP Response Splitting".

From John Cox's blog:

osCommerce is a very popular eCommerce application that allows for individuals to host their own online shop. All current versions of osCommerce are vulnerable to HTTP Response Splitting. These HTTP Response Splitting vulnerabilities may allow for an attacker to steal sensitive user information, or cause temporary web site defacement. The suggested fix for this issue is to make sure that CRLF sequences are not passed to the application.

It looks like any script that does a redirect and is vulnerable to an injection from the URL string is at risk. John even has a sample of a very benign use of it, but, unfortunately, there's all sorts of bad things it could be used for...