[phpMyAdmin-veryold]

 url=http://www.phpmyadmin.net/

 safe=4.8.3
 vuln=CVE-2018-15605

 file=Config.class.php
 variable=PMA_VERSION
 subdir=1
 

 [phpMyAdmin-old]

 url=http://www.phpmyadmin.net/

 safe=4.8.3
 vuln=CVE-2018-15605

 file=Config.php
 variable=PMA_VERSION
 subdir=1

 extra_match=namespace PMA\libraries;
 

 [phpMyAdmin]

 url=http://www.phpmyadmin.net/

 safe=4.8.3
 vuln=CVE-2018-15605

 file=Config.php
 variable=PMA_VERSION
 subdir=2
 extra_match=namespace PhpMyAdmin;

 [SquirrelMail]
 url=http://www.squirrelmail.org/

 safe=1.4.22
 vuln=CVE-2010-4554

 file=strings.php
 variable=$version
 extra_match=SquirrelMail version number
 subdir=1
 

 # old mantis versions behave different

 [Mantis-deprecated]

 url=https://mantisbt.org/

 safe=2.17.1
 vuln=CVE-2018-16514

 file=config_defaults_inc.php
 variable=$g_mantis_version
 subdir=0
 

 [Mantis]

 url=https://mantisbt.org/

 safe=2.17.1
 vuln=CVE-2018-16514

 file=constant_inc.php
 variable=MANTIS_VERSION
 subdir=1
 

 [Bugzilla3]
 url=http://www.bugzilla.org/

 safe=4.4.7
 old_safe=4.2.12,4.0.16

 vuln=CVE-2011-2379

 file=Constants.pm
 variable=BUGZILLA_VERSION
 subdir=1
 
 [Bugzilla2]
 url=http://www.bugzilla.org/

 safe=4.4.7
 old_safe=4.2.12,4.0.16

 vuln=CVE-2011-2379

 file=Config.pm
 variable=$Bugzilla::Config::VERSION
 subdir=1
 
 [SimpNews]
 url=http://www.boesch-it.de

 safe=2.48
 vuln=CVE-2010-2858

 file=global.inc.php
 variable=$version 
 subdir=1
 extra_match=$path_simpnews
 
 [calendarix]
 url=http://www.calendarix.com/
 safe=     
 vuln=CVE-2007-3183
 file=cal_config.inc.php
 variable=$version
 subdir=0
 
 [myEvent]
 url=http://mywebland.com/
 safe=     
 vuln=CVE-2007-0690
 file=config.php
 variable=$version
 extra_match=$eventbgcolor
 subdir=0
 
 [php-stats]
 url=http://php-stats.com/
 safe=
 vuln=CVE-2007-5453
 file=update.php
 variable=$version
 extra_match=http://php-stats.com/
 subdir=0
 
 [Ampache]
 url=http://ampache.org/

 safe=3.5.3
 vuln=http://ampache.org/2009/12/20/3-5-3-security-release/

 file=init.php
 variable=$results['version']
 subdir=1
 extra_match=$ampache_path
 
 [SiteBar]
 url=http://sitebar.org/
 safe=3.3.9
 vuln=CVE-2007-5492
 file=database.inc.php
 variable=SB_CURRENT_RELEASE
 subdir=1
 
 [phpPgAdmin]
 url=http://phppgadmin.sourceforge.net/

 safe=5.0.4
 vuln=CVE-2012-1600

 file=lib.inc.php
 variable=$appVersion
 subdir=1
 extra_match=phpPgAdmin

 
 [FTP Admin]
 url=http://ftpadmin.sourceforge.net/
 safe=
 vuln=CVE-2007-6234
 file=session_start.php
 variable=VERSION
 subdir=0
 extra_match=define("TITLE", "FTP Admin");

 [RoundCube-deprecated]

 url=http://roundcube.net

 safe=1.3.8
 vuln=CVE-2018-19206

 file=index.php
 variable=RCMAIL_VERSION
 subdir=0

 [RoundCube]
 url=http://roundcube.net

 safe=1.3.8
 vuln=CVE-2018-19206

 file=iniset.php
 variable=RCMAIL_VERSION
 subdir=2
 

 [Moodle]
 url=http://www.moodle.org/

 safe=3.2.2
 old_safe=3.1.5,3.0.9,2.7.19
 vuln=CVE-2017-2641

 file=version.php
 variable=$release
 subdir=0
 extra_match=MOODLE VERSION INFORMATION

 
 [cacti]
 url=http://www.cacti.net/
 safe=0.8.7
 vuln=CVE-2007-6035
 file=global.php
 variable=$config["cacti_version"]
 subdir=1

 
 [gnopaste]
 url=http://gnopaste.sf.net/
 safe=0.5.4
 vuln=CVE-2006-2834
 file=install.php
 variable=$_SESSION['page_title'] = 'gnopaste
 subdir=0

 
 [Flyspray]
 url=http://www.flyspray.org/

 safe=0.9.9.7
 vuln=CVE-2012-1058

 file=class.flyspray.php
 variable=var $version
 subdir=1

 
 [phpMyID]
 url=http://siege.org/projects/phpMyID
 safe=

 vuln=CVE-2008-4730

 file=MyID.php
 variable=@version
 subdir=0

 [phplist-old]

 url=http://www.phplist.com/

 safe=3.2.7
 vuln=CVE-2016-10045

 file=connect.php
 variable=define("VERSION"
 subdir=1

 [phplist]
 url=http://www.phplist.com/
 safe=3.2.7
 vuln=CVE-2016-10045
 file=init.php
 variable=define("VERSION"
 subdir=1
 

 [Piwik]
 url=http://piwik.org/

 safe=3.0.3
 vuln=https://piwik.org/changelog/piwik-3-0-3/

 file=Version.php
 variable=const VERSION
 subdir=1

 extra_match=@link http://piwik.org

 
 [phpWishlist]
 url=http://phpwishlist.sourceforge.net/
 safe=0.1.15
 vuln=CVE-2005-2203
 file=header.inc.php
 variable=$version
 subdir=1
 extra_match=* Wishlist -

 
 [awstats]
 url=http://awstats.sourceforge.net/

 safe=7.1
 vuln=CVE-2012-4547

 file=awstats.pl
 variable=$VERSION  =
 subdir=0

 
 [phpMyFAQ]
 url=http://www.phpmyfaq.de/
 safe=2.5.5
 vuln=http://www.phpmyfaq.de/advisory_2009-12-01.php
 file=phpmyfaq.spec
 variable=version
 subdir=1

 
 [Horde-webmail]
 url=http://www.horde.org/
 file=bundle.php
 variable=BUNDLE_VERSION
 extra_match='Horde Groupware Webmail Edition'

 safe=1.2.7
 vuln=http://secunia.com/advisories/39860

 subdir=1

 
 [ResourceSpace]
 url=http://www.resourcespace.org/
 file=version.php
 variable=$productname='ResourceSpace';$productversion

 safe=4.2.2833
 latest=4.3.2912

 vuln=CVE-2011-4311

 subdir=1

 [apc.php]
 url=http://pecl.php.net/package/APC
 file=apc.php
 # this does not contain it's "real" version number, using the CVS id
 # instead - there's been an XSS pre 3.1.4.
 variable=$VERSION='$Id: apc.php
 safe=301867
 vuln=CVE-2010-3294
 subdir=0

 
 [webtrees]
 url=http://webtrees.net/
 file=session.php
 variable=define('WT_VERSION'

 safe=1.2.4
 latest=1.2.4
 vuln=http://webtrees.net/en/forums/2-open-discussion/16423-webtrees-124

 subdir=1

 
 [PhpGedView]
 url=http://phpgedview.sourceforge.net/
 file=session.php
 variable=define('PGV_VERSION'
 safe=

 vuln=2011-0405

 subdir=1

 
 [status.net]
 url=http://status.net
 file=common.php
 variable=define('STATUSNET_BASE_VERSION'

 safe=0.9.9

 vuln=CVE-2011-3370

 subdir=1

 
 [limesurvey18]
 url=http://www.limesurvey.org/
 file=common.php
 variable=$versionnumber
 extra_match=LimeSurvey

 safe=2.07
 vuln=CVE-2015-5078

 subdir=0
 

 [limesurvey19]

 url=http://www.limesurvey.org/
 file=version.php
 variable=$versionnumber
 extra_match=$dbversionnumber

 safe=2.07
 vuln=CVE-2015-5078

 subdir=0

 [limesurvey]
 url=http://www.limesurvey.org/
 file=version.php
 variable=$config['versionnumber']
 extra_match=LimeSurvey

 safe=2.07
 vuln=CVE-2015-5078

 subdir=2
 

 [webcalendar]
 url=http://www.k5n.us/webcalendar.php
 file=config.php
 variable=$PROGRAM_VERSION
 extra_match=@package WebCalendar

 safe=1.2.7
 vuln=CVE-2013-1422

 subdir=1

 [nextcloud]
 url=https://nextcloud.com
 file=version.php
 variable=$OC_VersionString

 vuln=CVE-2018-3780
 safe=13.0.5

 subdir=0
 extra_match=$vendor = 'nextcloud';
 

 [owncloud]

 url=http://owncloud.org/
 file=version.php
 variable=$OC_VersionString

 vuln=CVE-2017-8896
 safe=10.0.2
 old_safe=9.1.6,9.0.10,8.2.12

 subdir=0

 extra_nomatch=nextcloud

 [owncloud5]

 url=http://owncloud.org/
 file=util.php
 variable=return '
 subdir=1

 extra_match=class OC_Util

 vuln=CVE-2017-8896
 safe=10.0.2
 old_safe=9.1.6,9.0.10,8.2.12

 
 [videodb]
 url=http://www.videodb.net/
 file=constants.php
 variable=('VERSION',
 extra_match=TBL_
 safe=4.0
 vuln=http://www.exploit-db.com/exploits/17660/
 subdir=1

 
 [OpenX]
 url=http://www.openx.com/
 file=constants.php
 variable=OA_VERSION
 extra_match=OpenX

 safe=
 vuln=http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/
 subdir=0
 
 [revive]
 url=http://www.revive-adserver.com/
 file=constants.php
 variable=VERSION
 extra_match=Revive Adserver

 safe=3.0.5
 vuln=CVE-2013-5954

 subdir=0

 
 [osTicket]
 url=http://osticket.com/
 file=bootstrap.php
 variable=define('THIS_VERSION',
 safe=1.8.12
 latest=1.9.12
 vuln=https://github.com/osTicket/osTicket-1.8/releases/tag/v1.8.12
 subdir=0

 
 [Gitlist]
 url=http://gitlist.org/
 file=footer.twig

 variable=Powered by

 safe=0.5.0
 latest=0.6.0
 vuln=CVE-2014-4511
 subdir=3