[
{
"name": "phpMyAdmin",
"url": "https://www.phpmyadmin.net/",
"safe": "5.0.3",
"old_safe": "4.9.6",
"vuln": "https://www.phpmyadmin.net/security/PMASA-2020-6/",
"detection": [
{
"file": "Config.class.php",
"variable": "PMA_VERSION",
"subdir": 1,
"note": "4.5.x and older"
},
{
"file": "Config.php",
"variable": "PMA_VERSION",
"subdir": 1,
"extra_match": "namespace PMA\\libraries;",
"note": "4.6.x/4.7.x"
},
{
"file": "Config.php",
"variable": "PMA_VERSION",
"subdir": 2,
"extra_match": "namespace PhpMyAdmin;"
}
]
},
{
"name": "SquirrelMail",
"url": "https://squirrelmail.org/",
"safe": "1.4.22",
"vuln": "CVE-2010-4554",
"detection": [
{
"file": "strings.php",
"variable": "$version",
"subdir": 1,
"extra_match": "SquirrelMail version number"
}
]
},
{
"name": "Mantis",
"url": "https://mantisbt.org/",
"safe": "2.24.4",
"vuln": "CVE-2020-28413",
"detection": [
{
"file": "config_defaults_inc.php",
"variable": "$g_mantis_version",
"subdir": 0
},
{
"file": "constant_inc.php",
"variable": "MANTIS_VERSION",
"subdir": 1
}
]
},
{
"name": "Bugzilla",
"url": "https://www.bugzilla.org/",
"safe": "5.0.4",
"old_safe": "4.4.13",
"vuln": "CVE-2018-5123",
"detection": [
{
"file": "globals.pl",
"variable": "$::param{'version'}",
"subdir": 0,
"note": "2.14.x and older"
},
{
"file": "Config.pm",
"variable": "$Bugzilla::Config::VERSION",
"subdir": 1,
"note": "2.16.x - 2.23.x"
},
{
"file": "Constants.pm",
"variable": "BUGZILLA_VERSION",
"subdir": 1,
"note": "3.x and newer"
}
]
},
{
"name": "SimpNews",
"url": "https://web.archive.org/web/20110228171938/http://www.boesch-it.de/",
"safe": "2.48",
"vuln": "CVE-2010-2858",
"detection": [
{
"file": "global.inc.php",
"variable": "$version",
"subdir": 1,
"extra_match": "$path_simpnews"
}
]
},
{
"name": "calendarix",
"url": "https://web.archive.org/web/20120430200920/http://www.calendarix.com/",
"safe": "",
"vuln": "CVE-2007-3183",
"detection": [
{
"file": "cal_config.inc.php",
"variable": "$version",
"subdir": 0
}
]
},
{
"name": "myEvent",
"url": "http://mywebland.com/",
"safe": "",
"vuln": "CVE-2007-0690",
"detection": [
{
"file": "config.php",
"variable": "$version",
"subdir": 0,
"extra_match": "$eventbgcolor"
}
]
},
{
"name": "php-stats",
"url": "http://php-stats.com/",
"safe": "",
"vuln": "CVE-2007-5453",
"detection": [
{
"file": "update.php",
"variable": "$version",
"subdir": 0,
"extra_match": "http://php-stats.com/"
}
]
},
{
"name": "Ampache",
"url": "http://ampache.org/",
"safe": "4.0.0",
"vuln": "CVE-2019-12385",
"detection": [
{
"file": "init.php",
"variable": "$results['version']",
"subdir": 1,
"extra_match": "$ampache_path"
}
]
},
{
"name": "SiteBar",
"url": "https://sitebar.org/",
"safe": "3.3.9",
"vuln": "CVE-2007-5492",
"detection": [
{
"file": "database.inc.php",
"variable": "SB_CURRENT_RELEASE",
"subdir": 1
}
]
},
{
"name": "phpPgAdmin",
"url": "http://phppgadmin.sourceforge.net/",
"safe": "5.0.4",
"vuln": "CVE-2012-1600",
"detection": [
{
"file": "lib.inc.php",
"variable": "$appVersion",
"subdir": 1,
"extra_match": "phpPgAdmin"
}
]
},
{
"name": "FTP Admin",
"url": "http://ftpadmin.sourceforge.net/",
"safe": "",
"vuln": "CVE-2007-6234",
"detection": [
{
"file": "session_start.php",
"variable": "VERSION",
"subdir": 0,
"extra_match": "define(\"TITLE\", \"FTP Admin\");"
}
]
},
{
"name": "RoundCube",
"url": "https://roundcube.net",
"safe": "1.4.11",
"old_safe": "1.3.16,1.2.13",
"latest": "1.4.11",
"vuln": "CVE-2021-26925",
"detection": [
{
"file": "index.php",
"variable": "RCMAIL_VERSION",
"subdir": 0
},
{
"file": "iniset.php",
"variable": "RCMAIL_VERSION",
"subdir": 2
}
]
},
{
"name": "Moodle",
"url": "https://moodle.org/",
"safe": "3.10.4",
"old_safe": "3.9.7,3.8.9,3.5.18",
"latest": "3.11",
"vuln": "CVE-2021-32472",
"detection": [
{
"file": "version.php",
"variable": "$release",
"subdir": 0,
"extra_match": "MOODLE VERSION INFORMATION"
}
]
},
{
"name": "cacti",
"url": "https://cacti.net/",
"safe": "1.2.8",
"vuln": "CVE-2019-17357",
"detection": [
{
"file": "global.php",
"variable": "$config[\"cacti_version\"]",
"subdir": 1
}
]
},
{
"name": "gnopaste",
"url": "http://gnopaste.sf.net/",
"safe": "0.5.4",
"vuln": "CVE-2006-2834",
"detection": [
{
"file": "install.php",
"variable": "$_SESSION['page_title'] = 'gnopaste",
"subdir": 0
}
]
},
{
"name": "Flyspray",
"url": "http://www.flyspray.org/",
"safe": "0.9.9.7",
"vuln": "CVE-2012-1058",
"detection": [
{
"file": "class.flyspray.php",
"variable": "var $version",
"subdir": 1
}
]
},
{
"name": "phpMyID",
"url": "http://siege.org/projects/phpMyID",
"safe": "",
"vuln": "CVE-2008-4730",
"detection": [
{
"file": "MyID.php",
"variable": "@version",
"subdir": 0
}
]
},
{
"name": "phplist",
"url": "https://www.phplist.org/",
"safe": "3.5.1",
"vuln": "CVE-2020-8547",
"detection": [
{
"file": "connect.php",
"variable": "define(\"VERSION\"",
"subdir": 1
},
{
"file": "init.php",
"variable": "define(\"VERSION\"",
"subdir": 1
}
]
},
{
"name": "Matomo",
"url": "https://matomo.org/",
"safe": "3.13.4",
"vuln": "https://matomo.org/changelog/matomo-3-13-4/",
"latest": "3.13.4",
"detection": [
{
"file": "Version.php",
"variable": "const VERSION",
"subdir": 1,
"extra_match": "@link https://matomo.org"
},
{
"file": "Version.php",
"variable": "const VERSION",
"subdir": 1,
"extra_match": "@link http://piwik.org",
"note": "when it was called Piwik"
}
]
},
{
"name": "phpWishlist",
"url": "http://phpwishlist.sourceforge.net/",
"safe": "0.1.15",
"vuln": "CVE-2005-2203",
"detection": [
{
"file": "header.inc.php",
"variable": "$version",
"subdir": 1,
"extra_match": "* Wishlist -"
}
]
},
{
"name": "awstats",
"url": "https://awstats.sourceforge.io/",
"safe": "7.7",
"vuln": "CVE-2017-1000501",
"detection": [
{
"file": "awstats.pl",
"variable": "$VERSION =",
"subdir": 0
}
]
},
{
"name": "phpMyFAQ",
"url": "https://www.phpmyfaq.de/",
"safe": "2.9.11",
"vuln": "CVE-2018-16650",
"detection": [
{
"file": "phpmyfaq.spec",
"variable": "version",
"subdir": 1
}
]
},
{
"name": "Horde-webmail",
"url": "http://www.horde.org/",
"safe": "",
"vuln": "CVE-2019-12094",
"detection": [
{
"file": "bundle.php",
"variable": "BUNDLE_VERSION",
"subdir": 1,
"extra_match": "'Horde Groupware Webmail Edition'"
},
{
"file": "Bundle.php",
"variable": "VERSION",
"subdir": 1,
"extra_match": "'Horde Groupware Webmail Edition'"
}
]
},
{
"name": "ResourceSpace",
"url": "https://www.resourcespace.com/",
"safe": "4.2.2833",
"vuln": "CVE-2011-4311",
"latest": "4.3.2912",
"detection": [
{
"file": "version.php",
"variable": "$productname='ResourceSpace';$productversion",
"subdir": 1
}
]
},
{
"name": "apc.php",
"url": "http://pecl.php.net/package/APC",
"safe": "301867",
"vuln": "CVE-2010-3294",
"note": "this does not contain it's \"real\" version number, using the CVS id instead - there's been an XSS pre 3.1.4.",
"detection": [
{
"file": "apc.php",
"variable": "$VERSION='$Id: apc.php",
"subdir": 0
}
]
},
{
"name": "webtrees",
"url": "https://www.webtrees.net/",
"safe": "1.2.4",
"vuln": "CVE-2014-100006",
"latest": "1.5.2",
"detection": [
{
"file": "session.php",
"variable": "define('WT_VERSION'",
"subdir": 1
}
]
},
{
"name": "PhpGedView",
"url": "http://phpgedview.sourceforge.net/",
"safe": "4.2.4",
"vuln": "CVE-2011-0405",
"detection": [
{
"file": "session.php",
"variable": "define('PGV_VERSION'",
"subdir": 1
}
]
},
{
"name": "status.net",
"url": "http://status.net",
"safe": "0.9.9",
"vuln": "CVE-2011-3370",
"detection": [
{
"file": "common.php",
"variable": "define('STATUSNET_BASE_VERSION'",
"subdir": 1
}
]
},
{
"name": "limesurvey",
"url": "https://www.limesurvey.org/",
"safe": "4.1.15",
"vuln": "https://www.limesurvey.org/limesurvey-updates/2234-limesurvey-4-1-15-build-200402-released",
"detection": [
{
"file": "common.php",
"variable": "$versionnumber",
"subdir": 0,
"extra_match": "LimeSurvey",
"note": "1.8.x and earlier"
},
{
"file": "version.php",
"variable": "$versionnumber",
"subdir": 0,
"extra_match": "$dbversionnumber",
"note": "1.9.x"
},
{
"file": "version.php",
"variable": "$config['versionnumber']",
"subdir": 2,
"extra_match": "LimeSurvey",
"note": "2.x and above"
}
]
},
{
"name": "webcalendar",
"url": "http://www.k5n.us/webcalendar.php",
"safe": "1.2.7",
"vuln": "CVE-2013-1422",
"detection": [
{
"file": "config.php",
"variable": "$PROGRAM_VERSION",
"subdir": 1,
"extra_match": "@package WebCalendar"
}
]
},
{
"name": "nextcloud",
"url": "https://nextcloud.com",
"safe": "21.0.2",
"old_safe": "20.0.10,19.0.11",
"vuln": "CVE-2021-32657",
"detection": [
{
"file": "version.php",
"variable": "$OC_VersionString",
"subdir": 0,
"extra_match": "$vendor = 'nextcloud';"
}
]
},
{
"name": "owncloud",
"url": "https://owncloud.org/",
"safe": "10.7.0",
"latest": "10.7.0",
"vuln": "CVE-2021-29659",
"detection": [
{
"file": "util.php",
"variable": "return '",
"subdir": 1,
"extra_match": "class OC_Util",
"note": "5.x and earlier"
},
{
"file": "version.php",
"variable": "$OC_VersionString",
"subdir": 0,
"extra_nomatch": "nextcloud"
}
]
},
{
"name": "videodb",
"url": "http://www.videodb.net/",
"safe": "4.0",
"vuln": "https://www.exploit-db.com/exploits/17660",
"detection": [
{
"file": "constants.php",
"variable": "('VERSION',",
"subdir": 1,
"extra_match": "TBL_"
}
]
},
{
"name": "OpenX",
"url": "http://www.openx.com/",
"safe": "",
"vuln": "https://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/",
"detection": [
{
"file": "constants.php",
"variable": "OA_VERSION",
"subdir": 0,
"extra_match": "OpenX"
}
]
},
{
"name": "revive",
"url": "http://www.revive-adserver.com/",
"safe": "3.0.5",
"vuln": "CVE-2013-5954",
"detection": [
{
"file": "constants.php",
"variable": "VERSION",
"subdir": 0,
"extra_match": "Revive Adserver"
}
]
},
{
"name": "osTicket",
"url": "https://osticket.com/",
"safe": "1.12.1",
"old_safe": "1.10.7",
"vuln": "CVE-2019-14750",
"latest": "1.14.1",
"detection": [
{
"file": "bootstrap.php",
"variable": "define('THIS_VERSION',",
"subdir": 0
}
]
},
{
"name": "Gitlist",
"url": "https://gitlist.org/",
"safe": "0.7.0",
"vuln": "CVE-2018-1000533",
"latest": "1.0.2",
"detection": [
{
"file": "footer.twig",
"variable": "Powered by",
"subdir": 3
}
]
},
{
"name": "reveal.js",
"url": "https://revealjs.com/",
"safe": "3.9.2",
"vuln": "CVE-2020-8127",
"latest": "3.9.2",
"detection": [
{
"file": "reveal.js",
"variable": "var VERSION",
"subdir": 1
}
]
}
]