freewvsdb/misc.json
e1127d74
 [
   {
8ec7d79e
     "name": "phpMyAdmin",
e1127d74
     "url": "https://www.phpmyadmin.net/",
31969a8c
     "safe": "5.0.3",
     "old_safe": "4.9.6",
     "vuln": "https://www.phpmyadmin.net/security/PMASA-2020-6/",
e1127d74
     "detection": [
       {
         "file": "Config.class.php",
         "variable": "PMA_VERSION",
8ec7d79e
         "subdir": 1,
         "note": "4.5.x and older"
       },
e1127d74
       {
         "file": "Config.php",
         "variable": "PMA_VERSION",
         "subdir": 1,
8ec7d79e
         "extra_match": "namespace PMA\\libraries;",
         "note": "4.6.x/4.7.x"
       },
e1127d74
       {
         "file": "Config.php",
         "variable": "PMA_VERSION",
         "subdir": 2,
         "extra_match": "namespace PhpMyAdmin;"
       }
     ]
   },
   {
     "name": "SquirrelMail",
     "url": "https://squirrelmail.org/",
     "safe": "1.4.22",
     "vuln": "CVE-2010-4554",
     "detection": [
       {
         "file": "strings.php",
         "variable": "$version",
         "subdir": 1,
         "extra_match": "SquirrelMail version number"
       }
     ]
   },
   {
8ec7d79e
     "name": "Mantis",
e1127d74
     "url": "https://mantisbt.org/",
aa754898
     "safe": "2.24.3",
     "vuln": "CVE-2020-25830",
e1127d74
     "detection": [
       {
         "file": "config_defaults_inc.php",
         "variable": "$g_mantis_version",
         "subdir": 0
8ec7d79e
       },
e1127d74
       {
         "file": "constant_inc.php",
         "variable": "MANTIS_VERSION",
         "subdir": 1
       }
     ]
   },
   {
8ec7d79e
     "name": "Bugzilla",
e1127d74
     "url": "https://www.bugzilla.org/",
8ec7d79e
     "safe": "5.0.4",
     "old_safe": "4.4.13",
     "vuln": "CVE-2018-5123",
e1127d74
     "detection": [
       {
8ec7d79e
         "file": "globals.pl",
         "variable": "$::param{'version'}",
         "subdir": 0,
         "note": "2.14.x and older"
       },
e1127d74
       {
         "file": "Config.pm",
         "variable": "$Bugzilla::Config::VERSION",
8ec7d79e
         "subdir": 1,
         "note": "2.16.x - 2.23.x"
       },
       {
         "file": "Constants.pm",
         "variable": "BUGZILLA_VERSION",
         "subdir": 1,
         "note": "3.x and newer"
e1127d74
       }
     ]
   },
   {
     "name": "SimpNews",
7edf1231
     "url": "https://web.archive.org/web/20110228171938/http://www.boesch-it.de/",
e1127d74
     "safe": "2.48",
     "vuln": "CVE-2010-2858",
     "detection": [
       {
         "file": "global.inc.php",
         "variable": "$version",
         "subdir": 1,
         "extra_match": "$path_simpnews"
       }
     ]
   },
   {
     "name": "calendarix",
7edf1231
     "url": "https://web.archive.org/web/20120430200920/http://www.calendarix.com/",
e1127d74
     "safe": "",
     "vuln": "CVE-2007-3183",
     "detection": [
       {
         "file": "cal_config.inc.php",
         "variable": "$version",
         "subdir": 0
       }
     ]
   },
   {
     "name": "myEvent",
     "url": "http://mywebland.com/",
     "safe": "",
     "vuln": "CVE-2007-0690",
     "detection": [
       {
         "file": "config.php",
         "variable": "$version",
         "subdir": 0,
         "extra_match": "$eventbgcolor"
       }
     ]
   },
   {
     "name": "php-stats",
     "url": "http://php-stats.com/",
     "safe": "",
     "vuln": "CVE-2007-5453",
     "detection": [
       {
         "file": "update.php",
         "variable": "$version",
         "subdir": 0,
         "extra_match": "http://php-stats.com/"
       }
     ]
   },
   {
     "name": "Ampache",
     "url": "http://ampache.org/",
7edf1231
     "safe": "4.0.0",
     "vuln": "CVE-2019-12385",
e1127d74
     "detection": [
       {
         "file": "init.php",
         "variable": "$results['version']",
         "subdir": 1,
         "extra_match": "$ampache_path"
       }
     ]
   },
   {
     "name": "SiteBar",
0ffbba40
     "url": "https://sitebar.org/",
e1127d74
     "safe": "3.3.9",
     "vuln": "CVE-2007-5492",
     "detection": [
       {
         "file": "database.inc.php",
         "variable": "SB_CURRENT_RELEASE",
         "subdir": 1
       }
     ]
   },
   {
     "name": "phpPgAdmin",
     "url": "http://phppgadmin.sourceforge.net/",
     "safe": "5.0.4",
     "vuln": "CVE-2012-1600",
     "detection": [
       {
         "file": "lib.inc.php",
         "variable": "$appVersion",
         "subdir": 1,
         "extra_match": "phpPgAdmin"
       }
     ]
   },
   {
     "name": "FTP Admin",
     "url": "http://ftpadmin.sourceforge.net/",
     "safe": "",
     "vuln": "CVE-2007-6234",
     "detection": [
       {
         "file": "session_start.php",
         "variable": "VERSION",
         "subdir": 0,
         "extra_match": "define(\"TITLE\", \"FTP Admin\");"
       }
     ]
   },
   {
07013e56
     "name": "RoundCube",
e1127d74
     "url": "https://roundcube.net",
2fbb4b66
     "safe": "1.4.10",
     "old_safe": "1.3.16,1.2.13",
     "latest": "1.4.10",
     "vuln": "CVE-2020-35730",
e1127d74
     "detection": [
       {
         "file": "index.php",
         "variable": "RCMAIL_VERSION",
         "subdir": 0
07013e56
       },
e1127d74
       {
         "file": "iniset.php",
         "variable": "RCMAIL_VERSION",
         "subdir": 2
       }
     ]
   },
   {
     "name": "Moodle",
     "url": "https://moodle.org/",
97e9e969
     "safe": "3.9.3",
     "old_safe": "3.8.6,3.7.9,3.5.15",
     "vuln": "CVE-2020-25699",
e1127d74
     "detection": [
       {
         "file": "version.php",
         "variable": "$release",
         "subdir": 0,
         "extra_match": "MOODLE VERSION INFORMATION"
       }
     ]
   },
   {
     "name": "cacti",
0ffbba40
     "url": "https://cacti.net/",
7edf1231
     "safe": "1.2.8",
     "vuln": "CVE-2019-17357",
e1127d74
     "detection": [
       {
         "file": "global.php",
         "variable": "$config[\"cacti_version\"]",
         "subdir": 1
       }
     ]
   },
   {
     "name": "gnopaste",
     "url": "http://gnopaste.sf.net/",
     "safe": "0.5.4",
     "vuln": "CVE-2006-2834",
     "detection": [
       {
         "file": "install.php",
         "variable": "$_SESSION['page_title'] = 'gnopaste",
         "subdir": 0
       }
     ]
   },
   {
     "name": "Flyspray",
     "url": "http://www.flyspray.org/",
     "safe": "0.9.9.7",
     "vuln": "CVE-2012-1058",
     "detection": [
       {
         "file": "class.flyspray.php",
         "variable": "var $version",
         "subdir": 1
       }
     ]
   },
   {
     "name": "phpMyID",
     "url": "http://siege.org/projects/phpMyID",
     "safe": "",
     "vuln": "CVE-2008-4730",
     "detection": [
       {
         "file": "MyID.php",
         "variable": "@version",
         "subdir": 0
       }
     ]
   },
   {
f1a3f1dc
     "name": "phplist",
     "url": "https://www.phplist.org/",
b029a227
     "safe": "3.5.1",
     "vuln": "CVE-2020-8547",
e1127d74
     "detection": [
       {
         "file": "connect.php",
         "variable": "define(\"VERSION\"",
         "subdir": 1
f1a3f1dc
       },
e1127d74
       {
         "file": "init.php",
         "variable": "define(\"VERSION\"",
         "subdir": 1
       }
     ]
   },
   {
11a64dcd
     "name": "Matomo",
e1127d74
     "url": "https://matomo.org/",
a3aea959
     "safe": "3.13.4",
     "vuln": "https://matomo.org/changelog/matomo-3-13-4/",
     "latest": "3.13.4",
e1127d74
     "detection": [
       {
         "file": "Version.php",
         "variable": "const VERSION",
         "subdir": 1,
11a64dcd
         "extra_match": "@link https://matomo.org"
       },
e1127d74
       {
         "file": "Version.php",
         "variable": "const VERSION",
         "subdir": 1,
11a64dcd
         "extra_match": "@link http://piwik.org",
         "note": "when it was called Piwik"
e1127d74
       }
     ]
   },
   {
     "name": "phpWishlist",
     "url": "http://phpwishlist.sourceforge.net/",
     "safe": "0.1.15",
     "vuln": "CVE-2005-2203",
     "detection": [
       {
         "file": "header.inc.php",
         "variable": "$version",
         "subdir": 1,
         "extra_match": "* Wishlist -"
       }
     ]
   },
   {
     "name": "awstats",
0ffbba40
     "url": "https://awstats.sourceforge.io/",
7edf1231
     "safe": "7.7",
     "vuln": "CVE-2017-1000501",
e1127d74
     "detection": [
       {
         "file": "awstats.pl",
         "variable": "$VERSION  =",
         "subdir": 0
       }
     ]
   },
   {
     "name": "phpMyFAQ",
7edf1231
     "url": "https://www.phpmyfaq.de/",
     "safe": "2.9.11",
     "vuln": "CVE-2018-16650",
e1127d74
     "detection": [
       {
         "file": "phpmyfaq.spec",
         "variable": "version",
         "subdir": 1
       }
     ]
   },
   {
     "name": "Horde-webmail",
     "url": "http://www.horde.org/",
6b04adb7
     "safe": "",
     "vuln": "CVE-2019-12094",
e1127d74
     "detection": [
       {
         "file": "bundle.php",
         "variable": "BUNDLE_VERSION",
         "subdir": 1,
         "extra_match": "'Horde Groupware Webmail Edition'"
6b04adb7
       },
       {
         "file": "Bundle.php",
         "variable": "VERSION",
         "subdir": 1,
         "extra_match": "'Horde Groupware Webmail Edition'"
e1127d74
       }
     ]
   },
   {
     "name": "ResourceSpace",
0ffbba40
     "url": "https://www.resourcespace.com/",
e1127d74
     "safe": "4.2.2833",
     "vuln": "CVE-2011-4311",
     "latest": "4.3.2912",
     "detection": [
       {
         "file": "version.php",
         "variable": "$productname='ResourceSpace';$productversion",
         "subdir": 1
       }
     ]
   },
   {
     "name": "apc.php",
     "url": "http://pecl.php.net/package/APC",
     "safe": "301867",
     "vuln": "CVE-2010-3294",
     "note": "this does not contain it's \"real\" version number, using the CVS id instead - there's been an XSS pre 3.1.4.",
     "detection": [
       {
         "file": "apc.php",
         "variable": "$VERSION='$Id: apc.php",
         "subdir": 0
       }
     ]
   },
   {
     "name": "webtrees",
7edf1231
     "url": "https://www.webtrees.net/",
e1127d74
     "safe": "1.2.4",
7edf1231
     "vuln": "CVE-2014-100006",
     "latest": "1.5.2",
e1127d74
     "detection": [
       {
         "file": "session.php",
         "variable": "define('WT_VERSION'",
         "subdir": 1
       }
     ]
   },
   {
     "name": "PhpGedView",
     "url": "http://phpgedview.sourceforge.net/",
0ffbba40
     "safe": "4.2.4",
e1127d74
     "vuln": "CVE-2011-0405",
     "detection": [
       {
         "file": "session.php",
         "variable": "define('PGV_VERSION'",
         "subdir": 1
       }
     ]
   },
   {
     "name": "status.net",
     "url": "http://status.net",
     "safe": "0.9.9",
     "vuln": "CVE-2011-3370",
     "detection": [
       {
         "file": "common.php",
         "variable": "define('STATUSNET_BASE_VERSION'",
         "subdir": 1
       }
     ]
   },
   {
07013e56
     "name": "limesurvey",
     "url": "https://www.limesurvey.org/",
6e750800
     "safe": "4.1.15",
     "vuln": "https://www.limesurvey.org/limesurvey-updates/2234-limesurvey-4-1-15-build-200402-released",
e1127d74
     "detection": [
       {
         "file": "common.php",
         "variable": "$versionnumber",
         "subdir": 0,
07013e56
         "extra_match": "LimeSurvey",
         "note": "1.8.x and earlier"
       },
e1127d74
       {
         "file": "version.php",
         "variable": "$versionnumber",
         "subdir": 0,
07013e56
         "extra_match": "$dbversionnumber",
         "note": "1.9.x"
       },
e1127d74
       {
         "file": "version.php",
         "variable": "$config['versionnumber']",
         "subdir": 2,
07013e56
         "extra_match": "LimeSurvey",
         "note": "2.x and above"
e1127d74
       }
     ]
   },
   {
     "name": "webcalendar",
     "url": "http://www.k5n.us/webcalendar.php",
     "safe": "1.2.7",
     "vuln": "CVE-2013-1422",
     "detection": [
       {
         "file": "config.php",
         "variable": "$PROGRAM_VERSION",
         "subdir": 1,
         "extra_match": "@package WebCalendar"
       }
     ]
   },
   {
     "name": "nextcloud",
     "url": "https://nextcloud.com",
d054c52d
     "safe": "19.0.2",
     "old_safe": "18.0.10",
     "vuln": "CVE-2020-8236",
e1127d74
     "detection": [
       {
         "file": "version.php",
         "variable": "$OC_VersionString",
         "subdir": 0,
         "extra_match": "$vendor = 'nextcloud';"
       }
     ]
   },
   {
     "name": "owncloud",
     "url": "https://owncloud.org/",
00723ae2
     "safe": "10.3.2",
     "latest": "10.4.0",
     "vuln": "https://owncloud.org/security/advisories/ssrf-in-add-to-your-owncloud-functionality/",
e1127d74
     "detection": [
234555a7
       {
         "file": "util.php",
         "variable": "return '",
         "subdir": 1,
         "extra_match": "class OC_Util",
         "note": "5.x and earlier"
       },
e1127d74
       {
         "file": "version.php",
         "variable": "$OC_VersionString",
         "subdir": 0,
         "extra_nomatch": "nextcloud"
       }
     ]
   },
   {
     "name": "videodb",
     "url": "http://www.videodb.net/",
     "safe": "4.0",
6b04adb7
     "vuln": "https://www.exploit-db.com/exploits/17660",
e1127d74
     "detection": [
       {
         "file": "constants.php",
         "variable": "('VERSION',",
         "subdir": 1,
         "extra_match": "TBL_"
       }
     ]
   },
   {
     "name": "OpenX",
     "url": "http://www.openx.com/",
     "safe": "",
6b04adb7
     "vuln": "https://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/",
e1127d74
     "detection": [
       {
         "file": "constants.php",
         "variable": "OA_VERSION",
         "subdir": 0,
         "extra_match": "OpenX"
       }
     ]
   },
   {
     "name": "revive",
     "url": "http://www.revive-adserver.com/",
     "safe": "3.0.5",
     "vuln": "CVE-2013-5954",
     "detection": [
       {
         "file": "constants.php",
         "variable": "VERSION",
         "subdir": 0,
         "extra_match": "Revive Adserver"
       }
     ]
   },
   {
     "name": "osTicket",
7edf1231
     "url": "https://osticket.com/",
     "safe": "1.12.1",
     "old_safe": "1.10.7",
     "vuln": "CVE-2019-14750",
     "latest": "1.14.1",
e1127d74
     "detection": [
       {
         "file": "bootstrap.php",
         "variable": "define('THIS_VERSION',",
         "subdir": 0
       }
     ]
   },
   {
     "name": "Gitlist",
     "url": "https://gitlist.org/",
     "safe": "0.7.0",
     "vuln": "CVE-2018-1000533",
     "latest": "1.0.2",
     "detection": [
       {
         "file": "footer.twig",
         "variable": "Powered by",
         "subdir": 3
       }
     ]
bd0d63b6
   },
   {
     "name": "reveal.js",
     "url": "https://revealjs.com/",
     "safe": "3.9.2",
4b94b0f4
     "vuln": "CVE-2020-8127",
bd0d63b6
     "latest": "3.9.2",
     "detection": [
       {
         "file": "reveal.js",
         "variable": "var VERSION",
         "subdir": 1
       }
     ]
e1127d74
   }
a17575d7
 ]