
update various URLs to https and CVEs, update a few packages

Hanno Böck authored on16/12/2019 20:44:09
Showing6 changed files
... ...
@@ -135,7 +135,7 @@
135 135
     "name": "wBB",
136 136
     "url": "http://www.woltlab.com/",
137 137
     "safe": "3.0.9",
138
-    "vuln": "http://www.securityfocus.com/archive/1/503867/30/60/threaded",
138
+    "vuln": "https://www.securityfocus.com/archive/1/503867/30/60/threaded",
139 139
     "detection": [
140 140
       {
141 141
         "file": "config.inc.php",
... ...
@@ -148,7 +148,7 @@
148 148
     "name": "WBBLite",
149 149
     "url": "http://wbblite.com/",
150 150
     "safe": "2.1",
151
-    "vuln": "http://www.securityfocus.com/archive/1/503867/30/60/threaded",
151
+    "vuln": "https://www.securityfocus.com/archive/1/503867/30/60/threaded",
152 152
     "detection": [
153 153
       {
154 154
         "file": "package.xml",
... ...
@@ -192,15 +192,20 @@
192 192
   {
193 193
     "name": "Contenido",
194 194
     "url": "https://www.contenido.org/",
195
-    "safe": "4.8.15",
196
-    "vuln": "http://www.contenido.org/de/front_content.php?idcat=107&idart=1789&client=6&lang=3",
197
-    "latest": "4.8.15",
195
+    "safe": "4.9.12",
196
+    "vuln": "https://devwerks.net/advisories/DW-2016-008_CONTENIDO_XSS.txt",
197
+    "latest": "4.10.1",
198 198
     "detection": [
199 199
       {
200 200
         "file": "config.misc.php",
201 201
         "variable": "$cfg['version']",
202 202
         "subdir": 1,
203 203
         "extra_match": "Contenido Misc Configurations"
204
+      },
205
+      {
206
+        "file": "startup.php",
207
+        "variable": "CON_VERSION",
208
+        "subdir": 1
204 209
       }
205 210
     ]
206 211
   },
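Review bot: The added `startup.php` rule for Contenido has no `"extra_match"`, unlike the existing `config.misc.php` rule, which is anchored on `Contenido Misc Configurations`. `startup.php` is a common file name, so identification rests entirely on the `CON_VERSION` variable; adding an `"extra_match"` with a string that only Contenido's startup.php contains would keep unrelated applications from being reported at the wrong version. Separately, `"safe"` moves to `4.9.12` while the referenced advisory id is `DW-2016-008`, so it is worth confirming that 4.9.12 is the release that actually carries the fix for that advisory.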
... ...
@@ -221,8 +226,8 @@
221 226
   {
222 227
     "name": "CMSMadeSimple",
223 228
     "url": "https://www.cmsmadesimple.org/",
224
-    "safe": "1.11.13",
225
-    "vuln": "http://www.cmsmadesimple.org/2015/02/Announcing-CMS-Made-Simple-1-11-13-Security-Release/",
229
+    "safe": "2.2.12",
230
+    "vuln": "CVE-2019-17226",
226 231
     "detection": [
227 232
       {
228 233
         "file": "version.php",
... ...
@@ -247,9 +252,9 @@
247 252
   {
248 253
     "name": "SPIP",
249 254
     "url": "https://www.spip.net/",
250
-    "safe": "2.1.13",
251
-    "old_safe": "2.0.18",
252
-    "vuln": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/",
255
+    "safe": "3.2.5",
256
+    "old_safe": "3.1.11",
257
+    "vuln": "CVE-2019-16392",
253 258
     "detection": [
254 259
       {
255 260
         "file": "inc_version.php",
... ...
@@ -17,7 +17,7 @@
17 17
     "url": "http://galleryproject.org/",
18 18
     "safe": "3.0.9",
19 19
     "old_safe": "2.3.2",
20
-    "vuln": "http://galleryproject.org/gallery_3_0_9",
20
+    "vuln": "CVE-2013-2241",
21 21
     "detection": [
22 22
       {
23 23
         "file": "module.inc",
... ...
@@ -41,10 +41,10 @@
41 41
   },
42 42
   {
43 43
     "name": "SimpleGroupware",
44
-    "url": "http://www.simple-groupware.de/",
45
-    "safe": "0.607",
46
-    "vuln": "http://www.simple-groupware.de/cms/Release-0-607",
47
-    "latest": "0.724",
44
+    "url": "https://web.archive.org/web/20130810201721/http://www.simple-groupware.de/",
45
+    "safe": "0.742",
46
+    "vuln": "CVE-2012-1028",
47
+    "latest": "0.745",
48 48
     "detection": [
49 49
       {
50 50
         "file": "setup.php",
... ...
@@ -370,14 +370,20 @@
370 370
   {
371 371
     "name": "Horde-webmail",
372 372
     "url": "http://www.horde.org/",
373
-    "safe": "1.2.7",
374
-    "vuln": "http://secunia.com/advisories/39860",
373
+    "safe": "",
374
+    "vuln": "CVE-2019-12094",
375 375
     "detection": [
376 376
       {
377 377
         "file": "bundle.php",
378 378
         "variable": "BUNDLE_VERSION",
379 379
         "subdir": 1,
380 380
         "extra_match": "'Horde Groupware Webmail Edition'"
381
+      },
382
+      {
383
+        "file": "Bundle.php",
384
+        "variable": "VERSION",
385
+        "subdir": 1,
386
+        "extra_match": "'Horde Groupware Webmail Edition'"
381 387
       }
382 388
     ]
383 389
   },
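Review bot: `"safe": ""` replaces `1.2.7` for Horde-webmail, so no release is recorded as fixed for CVE-2019-12094 and, presumably, every detected install will now be reported as vulnerable. The commit message ("update a few packages") does not say this is deliberate, and JSON leaves no room for a comment, so the description should state that no fixed version exists. The new `Bundle.php` rule differs from the existing `bundle.php` rule only in letter case and variable name, so on a case-insensitive filesystem both rules may open the same file; check that this cannot produce duplicate findings. The entry's `"url"` also stays at `http://www.horde.org/` although this commit moves other links to https.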
... ...
@@ -532,7 +538,7 @@
532 538
     "name": "videodb",
533 539
     "url": "http://www.videodb.net/",
534 540
     "safe": "4.0",
535
-    "vuln": "http://www.exploit-db.com/exploits/17660/",
541
+    "vuln": "https://www.exploit-db.com/exploits/17660",
536 542
     "detection": [
537 543
       {
538 544
         "file": "constants.php",
... ...
@@ -546,7 +552,7 @@
546 552
     "name": "OpenX",
547 553
     "url": "http://www.openx.com/",
548 554
     "safe": "",
549
-    "vuln": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/",
555
+    "vuln": "https://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/",
550 556
     "detection": [
551 557
       {
552 558
         "file": "constants.php",
... ...
@@ -166,7 +166,7 @@
166 166
     "name": "Wordpress-CustomContact",
167 167
     "url": "https://wordpress.org/plugins/custom-contact-forms/",
168 168
     "safe": "5.1.0.4",
169
-    "vuln": "http://blog.sucuri.net/2014/08/database-takeover-in-custom-contact-forms.html",
169
+    "vuln": "https://blog.sucuri.net/2014/08/database-takeover-in-custom-contact-forms.html",
170 170
     "detection": [
171 171
       {
172 172
         "file": "custom-contact-forms.php",
... ...
@@ -231,8 +231,8 @@
231 231
   {
232 232
     "name": "Wordpress-DownloadManager",
233 233
     "url": "https://wordpress.org/plugins/download-manager/",
234
-    "safe": "2.7.5",
235
-    "vuln": "http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html",
234
+    "safe": "2.9.61",
235
+    "vuln": "https://www.exploit-db.com/exploits/43487",
236 236
     "detection": [
237 237
       {
238 238
         "file": "download-manager.php",
... ...
@@ -258,7 +258,7 @@
258 258
     "name": "Joomla-Googlemaps",
259 259
     "url": "http://joomlacode.org/gf/project/mambot_google1/",
260 260
     "safe": "3.1",
261
-    "vuln": "http://joomlacode.org/gf/project/mambot_google1/news/?id=4119",
261
+    "vuln": "CVE-2013-7428",
262 262
     "detection": [
263 263
       {
264 264
         "file": "plugin_googlemap3.perm",