[phpMyAdmin-veryold]
url=http://www.phpmyadmin.net/
safe=4.8.3
vuln=CVE-2018-15605
file=Config.class.php
variable=PMA_VERSION
subdir=1

[phpMyAdmin-old]
url=http://www.phpmyadmin.net/
safe=4.8.3
vuln=CVE-2018-15605
file=Config.php
variable=PMA_VERSION
subdir=1
extra_match=namespace PMA\libraries;

[phpMyAdmin]
url=http://www.phpmyadmin.net/
safe=4.8.3
vuln=CVE-2018-15605
file=Config.php
variable=PMA_VERSION
subdir=2
extra_match=namespace PhpMyAdmin;

[SquirrelMail]
url=http://www.squirrelmail.org/
safe=1.4.22
vuln=CVE-2010-4554
file=strings.php
variable=$version
extra_match=SquirrelMail version number
subdir=1

# old mantis versions behave different
[Mantis-deprecated]
url=https://mantisbt.org/
safe=2.17.1
vuln=CVE-2018-16514
file=config_defaults_inc.php
variable=$g_mantis_version
subdir=0

[Mantis]
url=https://mantisbt.org/
safe=2.17.1
vuln=CVE-2018-16514
file=constant_inc.php
variable=MANTIS_VERSION
subdir=1

[Bugzilla3]
url=http://www.bugzilla.org/
safe=4.4.7
old_safe=4.2.12,4.0.16
vuln=CVE-2011-2379
file=Constants.pm
variable=BUGZILLA_VERSION
subdir=1

[Bugzilla2]
url=http://www.bugzilla.org/
safe=4.4.7
old_safe=4.2.12,4.0.16
vuln=CVE-2011-2379
file=Config.pm
variable=$Bugzilla::Config::VERSION
subdir=1

[SimpNews]
url=http://www.boesch-it.de
safe=2.48
vuln=CVE-2010-2858
file=global.inc.php
variable=$version 
subdir=1
extra_match=$path_simpnews

[calendarix]
url=http://www.calendarix.com/
safe=     
vuln=CVE-2007-3183
file=cal_config.inc.php
variable=$version
subdir=0

[myEvent]
url=http://mywebland.com/
safe=     
vuln=CVE-2007-0690
file=config.php
variable=$version
extra_match=$eventbgcolor
subdir=0

[php-stats]
url=http://php-stats.com/
safe=
vuln=CVE-2007-5453
file=update.php
variable=$version
extra_match=http://php-stats.com/
subdir=0

[Ampache]
url=http://ampache.org/
safe=3.5.3
vuln=http://ampache.org/2009/12/20/3-5-3-security-release/
file=init.php
variable=$results['version']
subdir=1
extra_match=$ampache_path

[SiteBar]
url=http://sitebar.org/
safe=3.3.9
vuln=CVE-2007-5492
file=database.inc.php
variable=SB_CURRENT_RELEASE
subdir=1

[phpPgAdmin]
url=http://phppgadmin.sourceforge.net/
safe=5.0.4
vuln=CVE-2012-1600
file=lib.inc.php
variable=$appVersion
subdir=1
extra_match=phpPgAdmin

[FTP Admin]
url=http://ftpadmin.sourceforge.net/
safe=
vuln=CVE-2007-6234
file=session_start.php
variable=VERSION
subdir=0
extra_match=define("TITLE", "FTP Admin");

[RoundCube-deprecated]
url=http://roundcube.net
safe=1.3.7
vuln=https://roundcube.net/news/2018/07/27/update-1.3.7-released
file=index.php
variable=RCMAIL_VERSION
subdir=0

[RoundCube]
url=http://roundcube.net
safe=1.3.7
vuln=https://roundcube.net/news/2018/07/27/update-1.3.7-released
file=iniset.php
variable=RCMAIL_VERSION
subdir=2

[Moodle]
url=http://www.moodle.org/
safe=3.2.2
old_safe=3.1.5,3.0.9,2.7.19
vuln=CVE-2017-2641
file=version.php
variable=$release
subdir=0
extra_match=MOODLE VERSION INFORMATION

[cacti]
url=http://www.cacti.net/
safe=0.8.7
vuln=CVE-2007-6035
file=global.php
variable=$config["cacti_version"]
subdir=1

[gnopaste]
url=http://gnopaste.sf.net/
safe=0.5.4
vuln=CVE-2006-2834
file=install.php
variable=$_SESSION['page_title'] = 'gnopaste
subdir=0

[Flyspray]
url=http://www.flyspray.org/
safe=0.9.9.7
vuln=CVE-2012-1058
file=class.flyspray.php
variable=var $version
subdir=1

[phpMyID]
url=http://siege.org/projects/phpMyID
safe=
vuln=CVE-2008-4730
file=MyID.php
variable=@version
subdir=0

[phplist-old]
url=http://www.phplist.com/
safe=3.2.7
vuln=CVE-2016-10045
file=connect.php
variable=define("VERSION"
subdir=1

[phplist]
url=http://www.phplist.com/
safe=3.2.7
vuln=CVE-2016-10045
file=init.php
variable=define("VERSION"
subdir=1

[Piwik]
url=http://piwik.org/
safe=3.0.3
vuln=https://piwik.org/changelog/piwik-3-0-3/
file=Version.php
variable=const VERSION
subdir=1
extra_match=@link http://piwik.org

[phpWishlist]
url=http://phpwishlist.sourceforge.net/
safe=0.1.15
vuln=CVE-2005-2203
file=header.inc.php
variable=$version
subdir=1
extra_match=* Wishlist -

[awstats]
url=http://awstats.sourceforge.net/
safe=7.1
vuln=CVE-2012-4547
file=awstats.pl
variable=$VERSION  =
subdir=0

[phpMyFAQ]
url=http://www.phpmyfaq.de/
safe=2.5.5
vuln=http://www.phpmyfaq.de/advisory_2009-12-01.php
file=phpmyfaq.spec
variable=version
subdir=1

[Horde-webmail]
url=http://www.horde.org/
file=bundle.php
variable=BUNDLE_VERSION
extra_match='Horde Groupware Webmail Edition'
safe=1.2.7
vuln=http://secunia.com/advisories/39860
subdir=1

[ResourceSpace]
url=http://www.resourcespace.org/
file=version.php
variable=$productname='ResourceSpace';$productversion
safe=4.2.2833
latest=4.3.2912
vuln=CVE-2011-4311
subdir=1

[apc.php]
url=http://pecl.php.net/package/APC
file=apc.php
# this does not contain it's "real" version number, using the CVS id
# instead - there's been an XSS pre 3.1.4.
variable=$VERSION='$Id: apc.php
safe=301867
vuln=CVE-2010-3294
subdir=0

[webtrees]
url=http://webtrees.net/
file=session.php
variable=define('WT_VERSION'
safe=1.2.4
latest=1.2.4
vuln=http://webtrees.net/en/forums/2-open-discussion/16423-webtrees-124
subdir=1

[PhpGedView]
url=http://phpgedview.sourceforge.net/
file=session.php
variable=define('PGV_VERSION'
safe=
vuln=2011-0405
subdir=1

[status.net]
url=http://status.net
file=common.php
variable=define('STATUSNET_BASE_VERSION'
safe=0.9.9
vuln=CVE-2011-3370
subdir=1

[limesurvey18]
url=http://www.limesurvey.org/
file=common.php
variable=$versionnumber
extra_match=LimeSurvey
safe=2.07
vuln=CVE-2015-5078
subdir=0

[limesurvey19]
url=http://www.limesurvey.org/
file=version.php
variable=$versionnumber
extra_match=$dbversionnumber
safe=2.07
vuln=CVE-2015-5078
subdir=0

[limesurvey]
url=http://www.limesurvey.org/
file=version.php
variable=$config['versionnumber']
extra_match=LimeSurvey
safe=2.07
vuln=CVE-2015-5078
subdir=2

[webcalendar]
url=http://www.k5n.us/webcalendar.php
file=config.php
variable=$PROGRAM_VERSION
extra_match=@package WebCalendar
safe=1.2.7
vuln=CVE-2013-1422
subdir=1

[nextcloud]
url=https://nextcloud.com
file=version.php
variable=$OC_VersionString
vuln=CVE-2017-0936
safe=12.0.5
old_safe=11.0.7
subdir=0
extra_match=$vendor = 'nextcloud';

[owncloud]
url=http://owncloud.org/
file=version.php
variable=$OC_VersionString
vuln=CVE-2017-8896
safe=10.0.2
old_safe=9.1.6,9.0.10,8.2.12
subdir=0
extra_nomatch=nextcloud

[owncloud5]
url=http://owncloud.org/
file=util.php
variable=return '
subdir=1
extra_match=class OC_Util
vuln=CVE-2017-8896
safe=10.0.2
old_safe=9.1.6,9.0.10,8.2.12

[videodb]
url=http://www.videodb.net/
file=constants.php
variable=('VERSION',
extra_match=TBL_
safe=4.0
vuln=http://www.exploit-db.com/exploits/17660/
subdir=1

[OpenX]
url=http://www.openx.com/
file=constants.php
variable=OA_VERSION
extra_match=OpenX
safe=
vuln=http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/
subdir=0

[revive]
url=http://www.revive-adserver.com/
file=constants.php
variable=VERSION
extra_match=Revive Adserver
safe=3.0.5
vuln=CVE-2013-5954
subdir=0

[osTicket]
url=http://osticket.com/
file=bootstrap.php
variable=define('THIS_VERSION',
safe=1.8.12
latest=1.9.12
vuln=https://github.com/osTicket/osTicket-1.8/releases/tag/v1.8.12
subdir=0

[Gitlist]
url=http://gitlist.org/
file=footer.twig
variable=Powered by
safe=0.5.0
latest=0.6.0
vuln=CVE-2014-4511
subdir=3