SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.

Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.