Spiked

5 exploits Active since Nov 2006
CVE-2006-5773 EXPLOITDB text WORKING POC
freewebshop < 2.2.1 - Directory Traversal via Action Parameter
Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action parameter.
CVE-2006-5772 EXPLOITDB text WORKING POC
freewebshop < 2.2.1 - SQL Injection via Password or Prod Parameter
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.
CVE-2007-0982 EXPLOITDB text WORKING POC
TaskFreak! 0.5.5 - Cross-Site Scripting via tznMessage Parameter
Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-107246 EXPLOITDB text WORKING POC
FreeWebShop 2.2 - 'index.php' SQL Injection
CVE-2006-6941 EXPLOITDB text WORKING POC
FreeWebshop <2.2.2 - Info Disclosure
index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.