Just an fyi for all your perl users using formmail.pl.

Looks like formmail.pl allows spamming, for what I can tell it does not validate
the recipient list. As shown in this log snippet:

GET /cgi-bin/formmail.pl?email=G5336 at alumidirector.com&recipient=jajchtd at aol.com,yummykissy at aol.com,jajclower at aol.com,kmahb at aol.com,flygirlmr at aol.com,&subject=Home+Based+Business+++++++++gbdsgsdgbv++++++++++++++++++++++++++++++++++793Z2kw6cna&=++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br><HTML><FONT++BACK%3D"%23ffffff"+style%3D"BACKGROUND-COLOR:+%23ffffff"+SIZE%3D2+PTSIZE%3D10><BR><BR><BR>HOME+EMPLOYMENT+OPPORTUNITIES<BR>NO+EXPERIENCE+REQUIRED<BR>WORK+THE+HOURS+YOU+WANT<BR><A+HREF%3D"http://www.megafreehosting.com/members/athome4694/index.html">CLICK+HERE</A>+FOR+MORE+INFO<BR><BR><BR>To+be+removed+from+our+mailing+list+simply<BR><A+HREF%3D"mailto:wsl at myrealbox.com%3Fsubject%3Dremove+me+now">click+here</A>+and+type+your+email+address+in+<BR>the+message+body+and+hit+send.+Your+email<BR>address+will+be+removed+from+our+database+within+24+hours.<BR><BR><BR></FONT></HTML><br><p><br><p><br><p><br><p><br><p><br><p><br><p>V6K28C0ck0SFAK7tb6iMHnW7sOzNoxX30PrqyoY06j9hp8dS3b5y54uAVs95114lV6K28C0ck0SFAK7tb6iMHnW7sOzNoxX30PrqyoY06j9V3r5px7lIDi2g44cJLaA21L0tM2A8PT7ks9B5QT4bjXqWYoG32YhDwfN09Fyyg1OI3r5px7lIDi2g44cJLaA21L0tM2A8PT7ks9B5QT4bjXqWYoG32YhDwfN09Fyyg1OI3r5px7lIDi2g44cJLaA21L0tM2A8PT7ks9B5QT4bjXqWYoG32YhDwfN09F HTTP/1.0" 200 1395 "-" "SSM Agent 1.0"

This is document on Bugtraq, but since I'm seeing it now, I thought I'd let
everyone know.
 
-- 
Bob Tanner <tanner at real-time.com>       | Phone : (952)943-8700
http://www.mn-linux.org                 | Fax   : (952)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9