# Appears to be a signature database for a scanner that finds installed web
# applications and compares their version with a known-fixed release. One
# section per application, or per on-disk layout of the same application.
# The key meanings below are inferred from the key names and values in this
# file - confirm against the consuming tool before relying on them.
#   url          project home page
#   safe         presumably the first release not affected by `vuln`;
#                left empty in some sections
#   old_safe     presumably fixed releases on older branches, comma-separated
#   latest       presumably the newest release known when the entry was written
#   vuln         CVE id or advisory URL for the issue that `safe` fixes
#   file         name of the file that carries the version string
#   variable     literal text that precedes the version inside `file`
#   extra_match  second string expected in `file`, apparently used to tell
#                apart applications with generic file/variable names
#   subdir       small integer (0-2 in this file); presumably how deep `file`
#                sits below the application's root directory
# NOTE(review): a version at or above `safe` is only clear of the one issue
# named in `vuln`; it says nothing about issues published after the entry
# was last edited.

# vuln is the vendor's own advisory (PMASA-2011-14), not a CVE id.
[phpMyAdmin]
url=http://www.phpmyadmin.net/
safe=3.4.5
vuln=http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php
file=Config.class.php
variable=PMA_VERSION
subdir=1

# strings.php / $version are generic names, so extra_match supplies a second,
# product-specific string. Presumably both must be found in the file before
# the entry counts as a hit - confirm.
[SquirrelMail]
url=http://www.squirrelmail.org/
safe=1.4.22
vuln=CVE-2010-4554
file=strings.php
variable=$version
extra_match=SquirrelMail version number
subdir=1

# Older Mantis versions behave differently: this entry reads
# $g_mantis_version from config_defaults_inc.php at subdir=0, whereas
# [Mantis] reads MANTIS_VERSION from constant_inc.php at subdir=1.
# safe and vuln are duplicated in [Mantis]; change both sections together,
# otherwise the two layouts will be judged against different fix levels.
[Mantis-deprecated]
url=http://www.mantisbt.org/
safe=1.2.8
vuln=CVE-2011-3356
file=config_defaults_inc.php
variable=$g_mantis_version
subdir=0

# Current Mantis layout: MANTIS_VERSION in constant_inc.php.
# safe and vuln repeat the values in [Mantis-deprecated]; keep the two
# sections in step when the fixed release changes.
[Mantis]
url=http://www.mantisbt.org/
safe=1.2.8
vuln=CVE-2011-3356
file=constant_inc.php
variable=MANTIS_VERSION
subdir=1

# Bugzilla layout that keeps BUGZILLA_VERSION in Constants.pm; [Bugzilla2]
# covers the Config.pm layout. safe, old_safe and vuln are identical in both
# sections and have to be edited together.
[Bugzilla3]
url=http://www.bugzilla.org/
safe=3.6.3
# Two values, comma-separated with no spaces. Presumably the fixed releases
# on the 3.4 and 3.2 branches, so those installs are not flagged merely for
# being below `safe` - confirm how the scanner compares against this list.
old_safe=3.4.9,3.2.9
vuln=CVE-2010-3172
file=Constants.pm
variable=BUGZILLA_VERSION
subdir=1

# Bugzilla layout that keeps $Bugzilla::Config::VERSION in Config.pm;
# [Bugzilla3] covers the Constants.pm layout. safe, old_safe and vuln repeat
# that section's values and have to be edited together with it.
[Bugzilla2]
url=http://www.bugzilla.org/
safe=3.6.3
# Comma-separated, no spaces; presumably per-branch fixed releases - confirm.
old_safe=3.4.9,3.2.9
vuln=CVE-2010-3172
file=Config.pm
variable=$Bugzilla::Config::VERSION
subdir=1

# global.inc.php / $version are generic; extra_match ($path_simpnews) is the
# product-specific string that narrows the match.
[SimpNews]
url=http://www.boesch-it.de
safe=2.42.01
vuln=CVE-2007-4872
file=global.inc.php
# NOTE(review): this value ends in a trailing space. A parser that trims
# values ignores it; one that keeps it would search for "$version " with the
# space and could miss installs - confirm which applies.
variable=$version 
subdir=1
extra_match=$path_simpnews

# No extra_match here: identification rests on the file name
# cal_config.inc.php together with the generic $version.
[calendarix]
url=http://www.calendarix.com/
# Blank apart from spaces after '='. Presumably no fixed release was known,
# so every detected version is reported - confirm that the scanner treats a
# whitespace-only value the same as an empty one.
safe=     
vuln=CVE-2007-3183
file=cal_config.inc.php
variable=$version
subdir=0

# config.php / $version occur in many PHP applications; extra_match
# ($eventbgcolor) is what ties a hit to myEvent.
[myEvent]
url=http://mywebland.com/
# Blank apart from spaces after '='. Presumably no fixed release was known,
# so every detected version is reported - confirm that the scanner treats a
# whitespace-only value the same as an empty one.
safe=     
vuln=CVE-2007-0690
file=config.php
variable=$version
extra_match=$eventbgcolor
subdir=0

# update.php / $version are generic; extra_match is the project URL, which
# presumably has to appear somewhere in update.php - confirm.
[php-stats]
url=http://php-stats.com/
# Empty: presumably no fixed release was known, so any version is reported.
safe=
vuln=CVE-2007-5453
file=update.php
variable=$version
extra_match=http://php-stats.com/
subdir=0

# The version is read from an array element ($results['version']) in
# init.php; extra_match ($ampache_path) narrows the generic file name.
[Ampache]
url=http://ampache.org/
# NOTE(review): two trailing spaces follow the version. Harmless if the
# parser trims values; otherwise the version comparison would see
# "3.3.3.5  " - confirm.
safe=3.3.3.5  
vuln=CVE-2007-4437
file=init.php
variable=$results['version']
subdir=1
extra_match=$ampache_path

# Version marker is SB_CURRENT_RELEASE in database.inc.php. No extra_match
# is set, so the match depends on that name being specific to SiteBar.
[SiteBar]
url=http://sitebar.org/
safe=3.3.9
vuln=CVE-2007-5492
file=database.inc.php
variable=SB_CURRENT_RELEASE
subdir=1

# lib.inc.php / $appVersion are not product-specific on their own, so
# extra_match requires the product name to appear in the file as well.
[phpPgAdmin]
url=http://phppgadmin.sourceforge.net/
safe=4.2.2
vuln=CVE-2008-5587
file=lib.inc.php
variable=$appVersion
subdir=1
extra_match=phpPgAdmin

# The section name contains a space; a parser that does not allow that
# would skip this entry.
[FTP Admin]
url=http://ftpadmin.sourceforge.net/
# Empty: presumably no fixed release was known, so any version is reported.
safe=
vuln=CVE-2007-6234
file=session_start.php
variable=VERSION
subdir=0
# NOTE(review): the value contains double quotes, a comma and a closing ';'.
# It only works if the parser passes it through literally - no quote
# stripping and no inline-comment handling of ';' - confirm. It is the only
# product-specific string in this entry (VERSION alone is generic).
extra_match=define("TITLE", "FTP Admin");

# Older RoundCube layout: RCMAIL_VERSION in index.php at subdir=0.
# [RoundCube] reads the same name from iniset.php at subdir=2.
# safe and vuln are duplicated there; change both sections together.
# index.php is a very common file name and no extra_match is set, so the
# match relies on RCMAIL_VERSION alone.
[RoundCube-deprecated]
url=http://roundcube.net
safe=0.5.4
vuln=CVE-2011-2937
file=index.php
variable=RCMAIL_VERSION
subdir=0

# Current RoundCube layout: RCMAIL_VERSION in iniset.php.
# safe and vuln repeat the values in [RoundCube-deprecated]; keep the two
# sections in step when the fixed release changes.
[RoundCube]
url=http://roundcube.net
safe=0.5.4
vuln=CVE-2011-2937
file=iniset.php
variable=RCMAIL_VERSION
# The only entry in this file with subdir=2.
subdir=2

# version.php / $release are generic names; extra_match is a banner string
# that presumably has to appear in version.php as well - confirm.
[Moodle]
url=http://www.moodle.org/
safe=1.9.10
vuln=CVE-2010-3866
file=version.php
variable=$release
subdir=0
extra_match=MOODLE VERSION INFORMATION

# The version is read from an array element in global.php. The variable
# value contains brackets and double quotes and is presumably matched as
# literal text, so the parser must not alter the quotes - confirm.
[cacti]
url=http://www.cacti.net/
safe=0.8.7
vuln=CVE-2007-6035
file=global.php
variable=$config["cacti_version"]
subdir=1

# The version is taken from install.php, not from a dedicated version file.
[gnopaste]
url=http://gnopaste.sf.net/
safe=0.5.4
vuln=CVE-2006-2834
file=install.php
# Deliberately an unterminated fragment of an assignment: it ends right
# after "gnopaste" inside the string literal, so the version presumably
# follows in the page title. The value itself contains " = ", which is only
# safe because parsers split a line on the first '='.
variable=$_SESSION['page_title'] = 'gnopaste
subdir=0

# The marker is "var $version" (including the "var" keyword and the space)
# in class.flyspray.php. No extra_match is set; the file name and the
# two-word marker carry the identification.
[Flyspray]
url=http://www.flyspray.org/
safe=0.9.9.5
vuln=CVE-2008-1165
file=class.flyspray.php
variable=var $version
subdir=1

# No extra_match; identification rests on the file name MyID.php.
[phpMyID]
url=http://siege.org/projects/phpMyID
# Empty: presumably no fixed release was known, so any version is reported.
safe=
vuln=CVE-2008-4730
file=MyID.php
# "@version" looks like a doc-comment tag rather than a PHP variable, so the
# version is presumably read from the file's header comment - confirm.
variable=@version
subdir=0

# The marker is the opening of a define() call in connect.php. It is an
# intentionally unbalanced fragment (open parenthesis, quoted name) and
# contains double quotes the parser must leave untouched.
[phplist]
url=http://www.phplist.com/
safe=2.10.13
vuln=CVE-2011-0748
file=connect.php
variable=define("VERSION"
subdir=1

# vuln is the project's own security advisory post, not a CVE id.
# Version.php / "const VERSION" are generic; extra_match pins the hit to
# the Piwik_Version class declaration.
[Piwik]
url=http://piwik.org/
safe=1.5
vuln=http://piwik.org/blog/2011/06/piwik-1-5-security-advisory/
file=Version.php
variable=const VERSION
subdir=1
extra_match=final class Piwik_Version

# header.inc.php / $version are generic names.
[phpWishlist]
url=http://phpwishlist.sourceforge.net/
safe=0.1.15
vuln=CVE-2005-2203
file=header.inc.php
variable=$version
subdir=1
# Starts with '*' and ends with '-': it looks like part of a header comment
# line and is presumably matched as a literal substring, not as a pattern -
# confirm, since '*' would be significant in a regular expression or glob.
extra_match=* Wishlist -

# The version is read from the Perl script awstats.pl itself.
[awstats]
url=http://awstats.sourceforge.net/
safe=7.0
vuln=CVE-2010-4369
file=awstats.pl
# The value is "$VERSION", two spaces, then '='. The inner spacing is part
# of the marker, and the trailing '=' is data, not a delimiter (the line is
# split on its first '='). Do not normalise the whitespace.
variable=$VERSION  =
subdir=0

# vuln is the vendor's dated advisory page, not a CVE id.
[phpMyFAQ]
url=http://www.phpmyfaq.de/
safe=2.5.5
vuln=http://www.phpmyfaq.de/advisory_2009-12-01.php
# The version comes from phpmyfaq.spec, not from application source.
# NOTE(review): an install that was deployed without this file would
# presumably not be detected at all - confirm.
file=phpmyfaq.spec
variable=version
subdir=1

# Key order differs from most other sections (file/variable come first);
# this should not matter to a parser.
[Horde-webmail]
url=http://www.horde.org/
file=bundle.php
variable=BUNDLE_VERSION
# NOTE(review): the value is wrapped in single quotes. If the parser strips
# enclosing quotes the scanner looks for the bare product name; if it keeps
# them it looks for the quoted PHP string literal - confirm which.
extra_match='Horde Groupware Webmail Edition'
safe=1.2.7
# Third-party advisory URL rather than a CVE id.
vuln=http://secunia.com/advisories/39860
subdir=1

[ResourceSpace]
url=http://www.resourcespace.org/
file=version.php
# The marker spans two PHP statements: the product-name assignment, ';',
# then the start of the version assignment. It contains '=', ';' and single
# quotes, so it relies on the parser passing the value through literally.
variable=$productname='ResourceSpace';$productversion
safe=3.5.1857
# One of only two sections with a `latest` key; presumably the newest
# release known when the entry was written - confirm how it is used.
latest=3.8.2144
# NOTE(review): this points at the download page, not at an advisory, so a
# report built from this entry gives no reference to the actual issue.
vuln=http://www.resourcespace.org/download.php
subdir=1

# Version marker is OA_VERSION in constants.php. No extra_match is set, so
# the match depends on that name being specific to OpenX.
[OpenX]
url=http://www.openx.org/
file=constants.php
variable=OA_VERSION
safe=2.8.7
vuln=CVE-2009-4140
subdir=0

[apc.php]
url=http://pecl.php.net/package/APC
file=apc.php
# apc.php does not contain its "real" version number, so the CVS $Id
# revision is used instead. There was an XSS before 3.1.4.
# The marker below is an unterminated fragment of the $VERSION assignment
# and contains '=', ':' and a single quote; it must reach the scanner
# unmodified.
variable=$VERSION='$Id: apc.php
# A revision number, not a release version: presumably the first revision
# of apc.php that carries the fix - confirm. It is compared against the
# revision captured after the marker above.
safe=301867
vuln=CVE-2010-3294
subdir=0

# session.php together with the WT_VERSION define identifies webtrees;
# [PhpGedView] uses the same file name with a different define.
[webtrees]
url=http://webtrees.net/
file=session.php
variable=define('WT_VERSION'
safe=1.0.2
# Presumably the newest release known when the entry was written - confirm.
latest=1.0.6
# NOTE(review): this is the general release-history page, not an advisory,
# so a report built from this entry does not name a specific issue.
vuln=http://wiki.webtrees.net/Release_History
subdir=1

# session.php together with the PGV_VERSION define identifies PhpGedView;
# [webtrees] uses the same file name with a different define.
[PhpGedView]
url=http://phpgedview.sourceforge.net/
file=session.php
variable=define('PGV_VERSION'
# Empty: presumably no fixed release was known, so any version is reported.
safe=
# NOTE(review): every other vuln value in this file is either a URL or an id
# with a "CVE-" prefix. This one has only the year-number part, so the
# prefix was probably dropped by mistake. Confirm the id and restore the
# prefix so reports stay searchable and consistent.
vuln=2011-0405
subdir=1

# The section name contains a dot; it is a flat name, not a nested section.
[status.net]
url=http://status.net
file=common.php
# Opening fragment of a define() call; intentionally unbalanced.
variable=define('STATUSNET_BASE_VERSION'
safe=0.9.9
# The vendor's own security alert post, not a CVE id.
vuln=http://status.net/2011/08/02/security-alert-for-all-versions-of-statusnet
subdir=1