Browse code

add json db

Hanno Böck authored on11/12/2019 18:39:41
Showing32 changed files
1 1
deleted file mode 100644
... ...
@@ -1,132 +0,0 @@
1
-[phpBB]
2
-url=https://www.phpbb.com
3
-safe=3.2.8
4
-vuln=CVE-2019-16108
5
-file=CHANGELOG.html
6
-variable=Changes since
7
-add_minor=1
8
-subdir=1
9
-
10
-[DeluxeBB]
11
-url=http://www.deluxebb.com/
12
-safe=
13
-vuln=CVE-2010-4151
14
-file=header.php
15
-variable=$versionname
16
-subdir=0
17
-extra_match=DeluxeBB
18
-
19
-[PunBB]
20
-url=http://punbb.org/
21
-safe=1.4.1
22
-vuln=https://secunia.com/advisories/46864
23
-file=db_update.php
24
-variable=UPDATE_TO
25
-extra_match=@package PunBB
26
-subdir=0
27
-
28
-[PunBB12]
29
-url=http://punbb.org/
30
-safe=1.4.1
31
-vuln=https://secunia.com/advisories/46864
32
-file=install.php
33
-variable=$punbb_version
34
-subdir=0
35
-
36
-[UseBB]
37
-url=http://www.usebb.net/
38
-safe=1.0.12
39
-latest=1.0.16
40
-vuln=CVE-2011-3611
41
-file=common.php
42
-variable=USEBB_VERSION
43
-subdir=1
44
-
45
-[Vanilla]
46
-url=http://vanillaforums.com/
47
-safe=2.1.3
48
-vuln=http://vanillaforums.org/discussion/27822/vanilla-2-1-3-security-release
49
-file=version.php
50
-variable=APPLICATION_VERSION
51
-subdir=1
52
-extra_match=define('APPLICATION', 'Vanilla');
53
-
54
-[Vanilla2]
55
-url=http://vanillaforums.com/
56
-safe=2.1.3
57
-vuln=http://vanillaforums.org/discussion/27822/vanilla-2-1-3-security-release
58
-file=index.php
59
-variable=APPLICATION_VERSION
60
-subdir=0
61
-extra_match=define('APPLICATION', 'Vanilla');
62
-
63
-[Simple_Machines_Forum]
64
-url=http://www.simplemachines.org/
65
-safe=2.0.5
66
-old_safe=1.1.16
67
-vuln=http://www.simplemachines.org/community/index.php?topic=509417.0
68
-file=index.php
69
-variable=$forum_version
70
-subdir=0
71
-extra_match=Simple Machines Forum
72
-
73
-[MyBB]
74
-url=http://www.mybboard.net/
75
-safe=1.8.3
76
-old_safe=1.6.16
77
-vuln=http://blog.mybb.com/2014/11/20/mybb-1-8-3-1-6-16-released-security-releases/
78
-file=class_core.php
79
-variable=$version
80
-subdir=1
81
-
82
-[Phorum]
83
-url=http://www.phorum.org/
84
-safe=5.2.19
85
-latest=5.2.19
86
-vuln=http://www.phorum.org/phorum5/read.php?64,151943
87
-file=common.php
88
-variable=define( "PHORUM"
89
-subdir=0
90
-
91
-[wBB]
92
-url=http://www.woltlab.com/
93
-safe=3.0.9
94
-vuln=http://www.securityfocus.com/archive/1/503867/30/60/threaded
95
-file=config.inc.php
96
-variable=define('PACKAGE_VERSION',
97
-subdir=0
98
-
99
-[WBBLite]
100
-url=http://wbblite.com/
101
-safe=2.1
102
-vuln=http://www.securityfocus.com/archive/1/503867/30/60/threaded
103
-file=package.xml
104
-variable=<version>
105
-extra_match=<packagename>WoltLab Burning Board Lite</packagename>
106
-subdir=0
107
-
108
-[FluxBB12]
109
-url=https://fluxbb.org/
110
-safe=1.5.11
111
-vuln=https://fluxbb.org/forums/viewtopic.php?id=9472
112
-file=install.php
113
-variable=$fluxbb_version
114
-subdir=1
115
-
116
-[FluxBB]
117
-url=https://fluxbb.org/
118
-safe=1.5.11
119
-vuln=https://fluxbb.org/forums/viewtopic.php?id=9472
120
-file=common.php
121
-variable=FORUM_VERSION
122
-extra_match=FORUM_DB_REVISION
123
-subdir=1
124
-
125
-[vBulletin]
126
-url=https://www.vbulletin.com/
127
-safe=4.2.2
128
-vuln=CVE-2013-6129
129
-file=class_core.php
130
-variable=define('FILE_VERSION'
131
-subdir=1
132
-extra_match=vBulletin
133 0
new file mode 100644
... ...
@@ -0,0 +1,210 @@
1
+[
2
+  {
3
+    "name": "phpBB",
4
+    "url": "https://www.phpbb.com",
5
+    "safe": "3.2.8",
6
+    "vuln": "CVE-2019-16108",
7
+    "detection": [
8
+      {
9
+        "file": "CHANGELOG.html",
10
+        "variable": "Changes since",
11
+        "subdir": 1,
12
+        "add_minor": "1"
13
+      }
14
+    ]
15
+  },
16
+  {
17
+    "name": "DeluxeBB",
18
+    "url": "http://www.deluxebb.com/",
19
+    "safe": "",
20
+    "vuln": "CVE-2010-4151",
21
+    "detection": [
22
+      {
23
+        "file": "header.php",
24
+        "variable": "$versionname",
25
+        "subdir": 0,
26
+        "extra_match": "DeluxeBB"
27
+      }
28
+    ]
29
+  },
30
+  {
31
+    "name": "PunBB",
32
+    "url": "http://punbb.org/",
33
+    "safe": "1.4.1",
34
+    "vuln": "https://secunia.com/advisories/46864",
35
+    "detection": [
36
+      {
37
+        "file": "db_update.php",
38
+        "variable": "UPDATE_TO",
39
+        "subdir": 0,
40
+        "extra_match": "@package PunBB"
41
+      }
42
+    ]
43
+  },
44
+  {
45
+    "name": "PunBB12",
46
+    "url": "http://punbb.org/",
47
+    "safe": "1.4.1",
48
+    "vuln": "https://secunia.com/advisories/46864",
49
+    "detection": [
50
+      {
51
+        "file": "install.php",
52
+        "variable": "$punbb_version",
53
+        "subdir": 0
54
+      }
55
+    ]
56
+  },
57
+  {
58
+    "name": "UseBB",
59
+    "url": "http://www.usebb.net/",
60
+    "safe": "1.0.12",
61
+    "vuln": "CVE-2011-3611",
62
+    "latest": "1.0.16",
63
+    "detection": [
64
+      {
65
+        "file": "common.php",
66
+        "variable": "USEBB_VERSION",
67
+        "subdir": 1
68
+      }
69
+    ]
70
+  },
71
+  {
72
+    "name": "Vanilla",
73
+    "url": "http://vanillaforums.com/",
74
+    "safe": "2.1.3",
75
+    "vuln": "http://vanillaforums.org/discussion/27822/vanilla-2-1-3-security-release",
76
+    "detection": [
77
+      {
78
+        "file": "version.php",
79
+        "variable": "APPLICATION_VERSION",
80
+        "subdir": 1,
81
+        "extra_match": "define('APPLICATION', 'Vanilla');"
82
+      }
83
+    ]
84
+  },
85
+  {
86
+    "name": "Vanilla2",
87
+    "url": "http://vanillaforums.com/",
88
+    "safe": "2.1.3",
89
+    "vuln": "http://vanillaforums.org/discussion/27822/vanilla-2-1-3-security-release",
90
+    "detection": [
91
+      {
92
+        "file": "index.php",
93
+        "variable": "APPLICATION_VERSION",
94
+        "subdir": 0,
95
+        "extra_match": "define('APPLICATION', 'Vanilla');"
96
+      }
97
+    ]
98
+  },
99
+  {
100
+    "name": "Simple_Machines_Forum",
101
+    "url": "http://www.simplemachines.org/",
102
+    "safe": "2.0.5",
103
+    "old_safe": "1.1.16",
104
+    "vuln": "http://www.simplemachines.org/community/index.php?topic=509417.0",
105
+    "detection": [
106
+      {
107
+        "file": "index.php",
108
+        "variable": "$forum_version",
109
+        "subdir": 0,
110
+        "extra_match": "Simple Machines Forum"
111
+      }
112
+    ]
113
+  },
114
+  {
115
+    "name": "MyBB",
116
+    "url": "http://www.mybboard.net/",
117
+    "safe": "1.8.3",
118
+    "old_safe": "1.6.16",
119
+    "vuln": "http://blog.mybb.com/2014/11/20/mybb-1-8-3-1-6-16-released-security-releases/",
120
+    "detection": [
121
+      {
122
+        "file": "class_core.php",
123
+        "variable": "$version",
124
+        "subdir": 1
125
+      }
126
+    ]
127
+  },
128
+  {
129
+    "name": "Phorum",
130
+    "url": "http://www.phorum.org/",
131
+    "safe": "5.2.19",
132
+    "vuln": "http://www.phorum.org/phorum5/read.php?64,151943",
133
+    "latest": "5.2.19",
134
+    "detection": [
135
+      {
136
+        "file": "common.php",
137
+        "variable": "define( \"PHORUM\"",
138
+        "subdir": 0
139
+      }
140
+    ]
141
+  },
142
+  {
143
+    "name": "wBB",
144
+    "url": "http://www.woltlab.com/",
145
+    "safe": "3.0.9",
146
+    "vuln": "http://www.securityfocus.com/archive/1/503867/30/60/threaded",
147
+    "detection": [
148
+      {
149
+        "file": "config.inc.php",
150
+        "variable": "define('PACKAGE_VERSION',",
151
+        "subdir": 0
152
+      }
153
+    ]
154
+  },
155
+  {
156
+    "name": "WBBLite",
157
+    "url": "http://wbblite.com/",
158
+    "safe": "2.1",
159
+    "vuln": "http://www.securityfocus.com/archive/1/503867/30/60/threaded",
160
+    "detection": [
161
+      {
162
+        "file": "package.xml",
163
+        "variable": "<version>",
164
+        "subdir": 0,
165
+        "extra_match": "<packagename>WoltLab Burning Board Lite</packagename>"
166
+      }
167
+    ]
168
+  },
169
+  {
170
+    "name": "FluxBB12",
171
+    "url": "https://fluxbb.org/",
172
+    "safe": "1.5.11",
173
+    "vuln": "https://fluxbb.org/forums/viewtopic.php?id=9472",
174
+    "detection": [
175
+      {
176
+        "file": "install.php",
177
+        "variable": "$fluxbb_version",
178
+        "subdir": 1
179
+      }
180
+    ]
181
+  },
182
+  {
183
+    "name": "FluxBB",
184
+    "url": "https://fluxbb.org/",
185
+    "safe": "1.5.11",
186
+    "vuln": "https://fluxbb.org/forums/viewtopic.php?id=9472",
187
+    "detection": [
188
+      {
189
+        "file": "common.php",
190
+        "variable": "FORUM_VERSION",
191
+        "subdir": 1,
192
+        "extra_match": "FORUM_DB_REVISION"
193
+      }
194
+    ]
195
+  },
196
+  {
197
+    "name": "vBulletin",
198
+    "url": "https://www.vbulletin.com/",
199
+    "safe": "4.2.2",
200
+    "vuln": "CVE-2013-6129",
201
+    "detection": [
202
+      {
203
+        "file": "class_core.php",
204
+        "variable": "define('FILE_VERSION'",
205
+        "subdir": 1,
206
+        "extra_match": "vBulletin"
207
+      }
208
+    ]
209
+  }
210
+]
0 211
\ No newline at end of file
1 212
deleted file mode 100644
... ...
@@ -1,80 +0,0 @@
1
-[Serendipity]
2
-url=https://docs.s9y.org/
3
-safe=2.3.2
4
-vuln=https://blog.s9y.org/archives/287-Serendipity-2.3.2-released-security-update.html
5
-file=serendipity_config.inc.php
6
-variable=$serendipity['version']
7
-subdir=0
8
-
9
-[Wordpress]
10
-url=https://wordpress.org/
11
-safe=5.2.4
12
-old_safe=5.1.4,5.1.3,5.0.8,5.0.7,4.9.13,4.9.12,4.8.12,4.8.11,4.7.16,4.7.15,4.6.17,4.6.16,4.5.20,4.5.19,4.4.21,4.4.20,4.3.22,4.3.21,4.2.26,4.2.25,4.1.29,4.1.28,4.0.29,4.0.28,3.9.30,3.9.29,3.8.32,3.8.31,3.7.32,3.7.31
13
-vuln=CVE-2019-17672
14
-file=version.php
15
-variable=$wp_version
16
-subdir=1
17
-extra_match=The WordPress version string
18
-
19
-[SimplePHPBlog]
20
-url=http://www.simplephpblog.com/
21
-safe=0.5.1
22
-vuln=CVE-2007-5071
23
-file=sb_functions.php
24
-variable=$sb_info[ 'version' ]
25
-subdir=1
26
-
27
-[b2evolution]
28
-url=https://b2evolution.net/
29
-safe=1.9.2
30
-old_safe=1.8.7
31
-vuln=CVE-2007-0175
32
-file=_application.php
33
-variable=$app_version
34
-extra_match=This is b2evolution
35
-subdir=2
36
-
37
-[nucleuscms]
38
-url=http://www.nucleuscms.org/
39
-safe=3.40
40
-vuln=CVE-2009-0929
41
-file=globalfunctions.php
42
-variable=$nucleus['version']
43
-subdir=2
44
-
45
-[sBlog]
46
-url=https://web.archive.org/web/20080908094255/http://sblog.se/wiki/Main_Page
47
-safe=
48
-latest=0.7.3
49
-vuln=CVE-2007-1801
50
-file=version.ini
51
-variable=conf_current_version
52
-subdir=1
53
-extra_match=[sblog_version_info]
54
-
55
-[Movable_Type]
56
-url=https://movabletype.com/
57
-# only 5.x public
58
-safe=7.1.4
59
-old_safe=6.5.2,6.3.10
60
-vuln=https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html
61
-file=mt.php
62
-variable=VERSION_ID
63
-subdir=1
64
-
65
-[artmedic_weblog]
66
-url=http://www.artmedic-phpscripts.de/
67
-safe=
68
-latest=1.0
69
-vuln=CVE-2008-0798
70
-file=artmedic_index.php
71
-variable=# artmedic weblog
72
-subdir=0
73
-
74
-[DotClear]
75
-url=http://www.dotclear.net/
76
-safe=2.2.3
77
-vuln=CVE-2011-1584
78
-file=LISEZMOI.txt
79
-variable=DotClear
80
-subdir=0
81 0
new file mode 100644
... ...
@@ -0,0 +1,128 @@
1
+[
2
+  {
3
+    "name": "Serendipity",
4
+    "url": "https://docs.s9y.org/",
5
+    "safe": "2.3.2",
6
+    "vuln": "https://blog.s9y.org/archives/287-Serendipity-2.3.2-released-security-update.html",
7
+    "detection": [
8
+      {
9
+        "file": "serendipity_config.inc.php",
10
+        "variable": "$serendipity['version']",
11
+        "subdir": 0
12
+      }
13
+    ]
14
+  },
15
+  {
16
+    "name": "Wordpress",
17
+    "url": "https://wordpress.org/",
18
+    "safe": "5.2.4",
19
+    "old_safe": "5.1.4,5.1.3,5.0.8,5.0.7,4.9.13,4.9.12,4.8.12,4.8.11,4.7.16,4.7.15,4.6.17,4.6.16,4.5.20,4.5.19,4.4.21,4.4.20,4.3.22,4.3.21,4.2.26,4.2.25,4.1.29,4.1.28,4.0.29,4.0.28,3.9.30,3.9.29,3.8.32,3.8.31,3.7.32,3.7.31",
20
+    "vuln": "CVE-2019-17672",
21
+    "detection": [
22
+      {
23
+        "file": "version.php",
24
+        "variable": "$wp_version",
25
+        "subdir": 1,
26
+        "extra_match": "The WordPress version string"
27
+      }
28
+    ]
29
+  },
30
+  {
31
+    "name": "SimplePHPBlog",
32
+    "url": "http://www.simplephpblog.com/",
33
+    "safe": "0.5.1",
34
+    "vuln": "CVE-2007-5071",
35
+    "detection": [
36
+      {
37
+        "file": "sb_functions.php",
38
+        "variable": "$sb_info[ 'version' ]",
39
+        "subdir": 1
40
+      }
41
+    ]
42
+  },
43
+  {
44
+    "name": "b2evolution",
45
+    "url": "https://b2evolution.net/",
46
+    "safe": "1.9.2",
47
+    "old_safe": "1.8.7",
48
+    "vuln": "CVE-2007-0175",
49
+    "detection": [
50
+      {
51
+        "file": "_application.php",
52
+        "variable": "$app_version",
53
+        "subdir": 2,
54
+        "extra_match": "This is b2evolution"
55
+      }
56
+    ]
57
+  },
58
+  {
59
+    "name": "nucleuscms",
60
+    "url": "http://www.nucleuscms.org/",
61
+    "safe": "3.40",
62
+    "vuln": "CVE-2009-0929",
63
+    "detection": [
64
+      {
65
+        "file": "globalfunctions.php",
66
+        "variable": "$nucleus['version']",
67
+        "subdir": 2
68
+      }
69
+    ]
70
+  },
71
+  {
72
+    "name": "sBlog",
73
+    "url": "https://web.archive.org/web/20080908094255/http://sblog.se/wiki/Main_Page",
74
+    "safe": "",
75
+    "vuln": "CVE-2007-1801",
76
+    "latest": "0.7.3",
77
+    "detection": [
78
+      {
79
+        "file": "version.ini",
80
+        "variable": "conf_current_version",
81
+        "subdir": 1,
82
+        "extra_match": "[sblog_version_info]"
83
+      }
84
+    ]
85
+  },
86
+  {
87
+    "name": "Movable_Type",
88
+    "url": "https://movabletype.com/",
89
+    "safe": "7.1.4",
90
+    "old_safe": "6.5.2,6.3.10",
91
+    "vuln": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html",
92
+    "note": "only 5.x public",
93
+    "detection": [
94
+      {
95
+        "file": "mt.php",
96
+        "variable": "VERSION_ID",
97
+        "subdir": 1
98
+      }
99
+    ]
100
+  },
101
+  {
102
+    "name": "artmedic_weblog",
103
+    "url": "http://www.artmedic-phpscripts.de/",
104
+    "safe": "",
105
+    "vuln": "CVE-2008-0798",
106
+    "latest": "1.0",
107
+    "detection": [
108
+      {
109
+        "file": "artmedic_index.php",
110
+        "variable": "# artmedic weblog",
111
+        "subdir": 0
112
+      }
113
+    ]
114
+  },
115
+  {
116
+    "name": "DotClear",
117
+    "url": "http://www.dotclear.net/",
118
+    "safe": "2.2.3",
119
+    "vuln": "CVE-2011-1584",
120
+    "detection": [
121
+      {
122
+        "file": "LISEZMOI.txt",
123
+        "variable": "DotClear",
124
+        "subdir": 0
125
+      }
126
+    ]
127
+  }
128
+]
0 129
\ No newline at end of file
1 130
deleted file mode 100644
... ...
@@ -1,251 +0,0 @@
1
-[WebsiteBaker]
2
-url=https://websitebaker.org/
3
-safe=2.8.4
4
-vuln=CVE-2015-0553
5
-file=version.php
6
-variable=VERSION
7
-extra_match=Website Baker Project
8
-subdir=3
9
-
10
-[WebsiteBaker28]
11
-url=https://websitebaker.org/
12
-safe=2.8.4
13
-vuln=CVE-2015-0553
14
-file=info.php
15
-variable=$template_platform
16
-extra_match=wb_theme
17
-subdir=3
18
-
19
-[toendaCMS]
20
-url=http://www.toendacms.com/
21
-safe=
22
-vuln=CVE-2007-1872
23
-file=tcms_version.xml
24
-variable=release
25
-subdir=2
26
-
27
-[Drupal6]
28
-url=https://www.drupal.org/
29
-safe=7.67
30
-latest=7.67
31
-vuln=https://www.drupal.org/sa-core-2019-007
32
-file=system.module
33
-variable=define('VERSION'
34
-subdir=2
35
-
36
-[Drupal7]
37
-url=https://www.drupal.org/
38
-safe=7.67
39
-latest=7.67
40
-vuln=https://www.drupal.org/sa-core-2019-007
41
-file=bootstrap.inc
42
-variable=define('VERSION'
43
-subdir=1
44
-
45
-[Drupal8]
46
-url=https://www.drupal.org/
47
-safe=8.7.1
48
-old_safe=8.6.16
49
-latest=8.7.1
50
-vuln=https://www.drupal.org/sa-core-2019-007
51
-file=Drupal.php
52
-variable=const VERSION
53
-subdir=2
54
-
55
-[PHPNuke]
56
-url=https://www.phpnuke.org/
57
-# I'm not really sure about that, but 8.0 is at least vulnerable
58
-# Versions pre 8.0 aren't easily detectable
59
-safe=8.1
60
-vuln=CVE-2007-1519
61
-file=version.php
62
-variable=$version_number
63
-extra_match=PHP-Nuke $version_number
64
-subdir=2
65
-
66
-[Typo3]
67
-url=https://typo3.org/
68
-safe=9.5.6
69
-old_safe=8.7.25
70
-vuln=https://typo3.org/article/typo3-956-and-8725-security-releases-published/
71
-file=config_default.php
72
-variable=$TYPO_VERSION
73
-subdir=1
74
-
75
-[typo3-6]
76
-url=https://typo3.org/
77
-safe=9.5.6
78
-old_safe=8.7.25
79
-vuln=https://typo3.org/article/typo3-956-and-8725-security-releases-published/
80
-file=SystemEnvironmentBuilder.php
81
-variable=define('TYPO3_version
82
-subdir=4
83
-
84
-[Joomla-1]
85
-url=https://www.joomla.org/
86
-safe=3.9.13
87
-vuln=CVE-2019-18674
88
-file=CHANGELOG.php
89
-variable=---------------
90
-extra_match=Joomla! is free software.
91
-subdir=0
92
-
93
-[Joomla]
94
-url=https://www.joomla.org/
95
-safe=3.9.13
96
-vuln=CVE-2019-18674
97
-file=joomla.xml
98
-variable=<version>
99
-extra_match=FILES_JOOMLA_XML_DESCRIPTION
100
-path_match=administrator/manifests/files
101
-subdir=3
102
-
103
-[Mambo]
104
-url=http://www.source.mambo-foundation.org/
105
-safe=
106
-vuln=CVE-2008-2905
107
-file=version.php
108
-variable=var $RELEASE,var $DEV_LEVEL
109
-extra_match=@package Mambo
110
-subdir=1
111
-
112
-[w-Agora]
113
-url=http://www.w-agora.net/
114
-safe=
115
-latest=4.2.1
116
-vuln=CVE-2007-0607
117
-file=misc_func.php
118
-variable=$v =
119
-subdir=1
120
-extra_match=w-agora version $v
121
-
122
-[MODx]
123
-url=https://modx.com/
124
-safe=1.0.15
125
-vuln=http://forums.modx.com/thread/94952/multiple-vulnerabilities-xss-remote-command-injection
126
-file=version.inc.php
127
-variable=$version
128
-subdir=2
129
-extra_match=$full_appname = 'MODx'
130
-
131
-[MODX-1.x]
132
-url=https://modx.com/
133
-safe=1.0.15
134
-vuln=http://forums.modx.com/thread/94952/multiple-vulnerabilities-xss-remote-command-injection
135
-file=version.inc.php
136
-variable=$modx_version
137
-subdir=2
138
-
139
-[MODX-2.x]
140
-url=https://modx.com/
141
-safe=2.2.11
142
-vuln=http://modx.com/blog/2014/07/15/revolution-2.2.15/
143
-file=changelog.txt
144
-variable=MODX Revolution
145
-subdir=2
146
-extra_match=MODX
147
-
148
-[PostNuke]
149
-# This one is a hell to detect, not sure for how many versions this works
150
-url=http://www.postnuke.com
151
-# 0.764 last stable in 2006-11-20, 0.8.0.0 rcs available
152
-safe=
153
-vuln=CVE-2007-0385
154
-file=global.php
155
-variable=_MESSAGE_00_a
156
-subdir=2
157
-extra_match=http://www.pn-cms.de
158
-
159
-[Contenido]
160
-url=https://www.contenido.org/
161
-safe=4.8.15
162
-latest=4.8.15
163
-vuln=http://www.contenido.org/de/front_content.php?idcat=107&idart=1789&client=6&lang=3
164
-file=config.misc.php
165
-variable=$cfg['version']
166
-subdir=1
167
-extra_match=Contenido Misc Configurations
168
-
169
-[SilverStripe]
170
-url=https://www.silverstripe.com
171
-safe=2.4.7
172
-vuln=CVE-2012-0976
173
-file=silverstripe_version
174
-variable=/open/modules/cms/
175
-subdir=1
176
-extra_match=/open/modules/cms/
177
-
178
-[CMSMadeSimple]
179
-url=https://www.cmsmadesimple.org/
180
-safe=1.11.13
181
-vuln=http://www.cmsmadesimple.org/2015/02/Announcing-CMS-Made-Simple-1-11-13-Security-Release/
182
-file=version.php
183
-variable=$CMS_VERSION
184
-subdir=0
185
-
186
-[e107]
187
-url=https://e107.org/
188
-safe=1.0.0
189
-vuln=CVE-2011-4920
190
-file=ver.php
191
-variable=$e107info['e107_version']
192
-subdir=0
193
-
194
-[SPIP]
195
-url=https://www.spip.net/
196
-safe=2.1.13
197
-old_safe=2.0.18
198
-vuln=http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/
199
-file=inc_version.php
200
-variable=$spip_version_branche
201
-subdir=1
202
-
203
-[contao]
204
-url=https://contao.org/
205
-safe=3.2.5
206
-old_safe=2.11.14
207
-vuln=CVE-2014-1860
208
-latest=3.2.5
209
-file=CHANGELOG.md
210
-variable=Version
211
-extra_match=Contao Open Source CMS
212
-subdir=0
213
-
214
-[contao-old]
215
-url=https://contao.org/
216
-safe=3.2.5
217
-old_safe=2.11.14
218
-vuln=CVE-2014-1860
219
-latest=3.2.5
220
-file=CHANGELOG.txt
221
-variable=Version
222
-extra_match=Contao Open Source CMS Changelog
223
-subdir=0
224
-
225
-[redaxo]
226
-url=https://redaxo.org/
227
-safe=4.5
228
-vuln=CVE-2012-3869
229
-latest=4.5
230
-file=en_gb.lang
231
-variable=setup_037
232
-subdir=3
233
-
234
-[textpattern]
235
-url=https://textpattern.com/
236
-safe=4.7.0
237
-vuln=CVE-2018-7474
238
-latest=4.7.3
239
-file=index.php
240
-subdir=1
241
-variable=$thisversion
242
-
243
-[bolt]
244
-url=https://bolt.cm/
245
-safe=3.5.3
246
-latest=3.5.3
247
-file=Version.php
248
-variable=const VERSION
249
-vuln=https://github.com/bolt/bolt/blob/v3.5.4/changelog.md#bolt-353
250
-extra_match=Bolt's
251
-subdir=4
252 0
new file mode 100644
... ...
@@ -0,0 +1,387 @@
1
+[
2
+  {
3
+    "name": "WebsiteBaker",
4
+    "url": "https://websitebaker.org/",
5
+    "safe": "2.8.4",
6
+    "vuln": "CVE-2015-0553",
7
+    "detection": [
8
+      {
9
+        "file": "version.php",
10
+        "variable": "VERSION",
11
+        "subdir": 3,
12
+        "extra_match": "Website Baker Project"
13
+      }
14
+    ]
15
+  },
16
+  {
17
+    "name": "WebsiteBaker28",
18
+    "url": "https://websitebaker.org/",
19
+    "safe": "2.8.4",
20
+    "vuln": "CVE-2015-0553",
21
+    "detection": [
22
+      {
23
+        "file": "info.php",
24
+        "variable": "$template_platform",
25
+        "subdir": 3,
26
+        "extra_match": "wb_theme"
27
+      }
28
+    ]
29
+  },
30
+  {
31
+    "name": "toendaCMS",
32
+    "url": "http://www.toendacms.com/",
33
+    "safe": "",
34
+    "vuln": "CVE-2007-1872",
35
+    "detection": [
36
+      {
37
+        "file": "tcms_version.xml",
38
+        "variable": "release",
39
+        "subdir": 2
40
+      }
41
+    ]
42
+  },
43
+  {
44
+    "name": "Drupal6",
45
+    "url": "https://www.drupal.org/",
46
+    "safe": "7.67",
47
+    "vuln": "https://www.drupal.org/sa-core-2019-007",
48
+    "latest": "7.67",
49
+    "detection": [
50
+      {
51
+        "file": "system.module",
52
+        "variable": "define('VERSION'",
53
+        "subdir": 2
54
+      }
55
+    ]
56
+  },
57
+  {
58
+    "name": "Drupal7",
59
+    "url": "https://www.drupal.org/",
60
+    "safe": "7.67",
61
+    "vuln": "https://www.drupal.org/sa-core-2019-007",
62
+    "latest": "7.67",
63
+    "detection": [
64
+      {
65
+        "file": "bootstrap.inc",
66
+        "variable": "define('VERSION'",
67
+        "subdir": 1
68
+      }
69
+    ]
70
+  },
71
+  {
72
+    "name": "Drupal8",
73
+    "url": "https://www.drupal.org/",
74
+    "safe": "8.7.1",
75
+    "old_safe": "8.6.16",
76
+    "vuln": "https://www.drupal.org/sa-core-2019-007",
77
+    "latest": "8.7.1",
78
+    "detection": [
79
+      {
80
+        "file": "Drupal.php",
81
+        "variable": "const VERSION",
82
+        "subdir": 2
83
+      }
84
+    ]
85
+  },
86
+  {
87
+    "name": "PHPNuke",
88
+    "url": "https://www.phpnuke.org/",
89
+    "safe": "8.1",
90
+    "vuln": "CVE-2007-1519",
91
+    "note": "I'm not really sure about that, but 8.0 is at least vulnerable, pre 8.0 aren't easily detectable",
92
+    "detection": [
93
+      {
94
+        "file": "version.php",
95
+        "variable": "$version_number",
96
+        "subdir": 2,
97
+        "extra_match": "PHP-Nuke $version_number"
98
+      }
99
+    ]
100
+  },
101
+  {
102
+    "name": "Typo3",
103
+    "url": "https://typo3.org/",
104
+    "safe": "9.5.6",
105
+    "old_safe": "8.7.25",
106
+    "vuln": "https://typo3.org/article/typo3-956-and-8725-security-releases-published/",
107
+    "detection": [
108
+      {
109
+        "file": "config_default.php",
110
+        "variable": "$TYPO_VERSION",
111
+        "subdir": 1
112
+      }
113
+    ]
114
+  },
115
+  {
116
+    "name": "typo3-6",
117
+    "url": "https://typo3.org/",
118
+    "safe": "9.5.6",
119
+    "old_safe": "8.7.25",
120
+    "vuln": "https://typo3.org/article/typo3-956-and-8725-security-releases-published/",
121
+    "detection": [
122
+      {
123
+        "file": "SystemEnvironmentBuilder.php",
124
+        "variable": "define('TYPO3_version",
125
+        "subdir": 4
126
+      }
127
+    ]
128
+  },
129
+  {
130
+    "name": "Joomla-1",
131
+    "url": "https://www.joomla.org/",
132
+    "safe": "3.9.13",
133
+    "vuln": "CVE-2019-18674",
134
+    "detection": [
135
+      {
136
+        "file": "CHANGELOG.php",
137
+        "variable": "---------------",
138
+        "subdir": 0,
139
+        "extra_match": "Joomla! is free software."
140
+      }
141
+    ]
142
+  },
143
+  {
144
+    "name": "Joomla",
145
+    "url": "https://www.joomla.org/",
146
+    "safe": "3.9.13",
147
+    "vuln": "CVE-2019-18674",
148
+    "detection": [
149
+      {
150
+        "file": "joomla.xml",
151
+        "variable": "<version>",
152
+        "subdir": 3,
153
+        "extra_match": "FILES_JOOMLA_XML_DESCRIPTION",
154
+        "path_match": "administrator/manifests/files"
155
+      }
156
+    ]
157
+  },
158
+  {
159
+    "name": "Mambo",
160
+    "url": "http://www.source.mambo-foundation.org/",
161
+    "safe": "",
162
+    "vuln": "CVE-2008-2905",
163
+    "detection": [
164
+      {
165
+        "file": "version.php",
166
+        "variable": "var $RELEASE,var $DEV_LEVEL",
167
+        "subdir": 1,
168
+        "extra_match": "@package Mambo"
169
+      }
170
+    ]
171
+  },
172
+  {
173
+    "name": "w-Agora",
174
+    "url": "http://www.w-agora.net/",
175
+    "safe": "",
176
+    "vuln": "CVE-2007-0607",
177
+    "latest": "4.2.1",
178
+    "detection": [
179
+      {
180
+        "file": "misc_func.php",
181
+        "variable": "$v =",
182
+        "subdir": 1,
183
+        "extra_match": "w-agora version $v"
184
+      }
185
+    ]
186
+  },
187
+  {
188
+    "name": "MODx",
189
+    "url": "https://modx.com/",
190
+    "safe": "1.0.15",
191
+    "vuln": "http://forums.modx.com/thread/94952/multiple-vulnerabilities-xss-remote-command-injection",
192
+    "detection": [
193
+      {
194
+        "file": "version.inc.php",
195
+        "variable": "$version",
196
+        "subdir": 2,
197
+        "extra_match": "$full_appname = 'MODx'"
198
+      }
199
+    ]
200
+  },
201
+  {
202
+    "name": "MODX-1.x",
203
+    "url": "https://modx.com/",
204
+    "safe": "1.0.15",
205
+    "vuln": "http://forums.modx.com/thread/94952/multiple-vulnerabilities-xss-remote-command-injection",
206
+    "detection": [
207
+      {
208
+        "file": "version.inc.php",
209
+        "variable": "$modx_version",
210
+        "subdir": 2
211
+      }
212
+    ]
213
+  },
214
+  {
215
+    "name": "MODX-2.x",
216
+    "url": "https://modx.com/",
217
+    "safe": "2.2.11",
218
+    "vuln": "http://modx.com/blog/2014/07/15/revolution-2.2.15/",
219
+    "detection": [
220
+      {
221
+        "file": "changelog.txt",
222
+        "variable": "MODX Revolution",
223
+        "subdir": 2,
224
+        "extra_match": "MODX"
225
+      }
226
+    ]
227
+  },
228
+  {
229
+    "name": "PostNuke",
230
+    "url": "http://www.postnuke.com",
231
+    "safe": "",
232
+    "vuln": "CVE-2007-0385",
233
+    "latest": "0.764",
234
+    "detection": [
235
+      {
236
+        "file": "global.php",
237
+        "variable": "_MESSAGE_00_a",
238
+        "subdir": 2,
239
+        "extra_match": "http://www.pn-cms.de"
240
+      }
241
+    ]
242
+  },
243
+  {
244
+    "name": "Contenido",
245
+    "url": "https://www.contenido.org/",
246
+    "safe": "4.8.15",
247
+    "vuln": "http://www.contenido.org/de/front_content.php?idcat=107&idart=1789&client=6&lang=3",
248
+    "latest": "4.8.15",
249
+    "detection": [
250
+      {
251
+        "file": "config.misc.php",
252
+        "variable": "$cfg['version']",
253
+        "subdir": 1,
254
+        "extra_match": "Contenido Misc Configurations"
255
+      }
256
+    ]
257
+  },
258
+  {
259
+    "name": "SilverStripe",
260
+    "url": "https://www.silverstripe.com",
261
+    "safe": "2.4.7",
262
+    "vuln": "CVE-2012-0976",
263
+    "detection": [
264
+      {
265
+        "file": "silverstripe_version",
266
+        "variable": "/open/modules/cms/",
267
+        "subdir": 1,
268
+        "extra_match": "/open/modules/cms/"
269
+      }
270
+    ]
271
+  },
272
+  {
273
+    "name": "CMSMadeSimple",
274
+    "url": "https://www.cmsmadesimple.org/",
275
+    "safe": "1.11.13",
276
+    "vuln": "http://www.cmsmadesimple.org/2015/02/Announcing-CMS-Made-Simple-1-11-13-Security-Release/",
277
+    "detection": [
278
+      {
279
+        "file": "version.php",
280
+        "variable": "$CMS_VERSION",
281
+        "subdir": 0
282
+      }
283
+    ]
284
+  },
285
+  {
286
+    "name": "e107",
287
+    "url": "https://e107.org/",
288
+    "safe": "1.0.0",
289
+    "vuln": "CVE-2011-4920",
290
+    "detection": [
291
+      {
292
+        "file": "ver.php",
293
+        "variable": "$e107info['e107_version']",
294
+        "subdir": 0
295
+      }
296
+    ]
297
+  },
298
+  {
299
+    "name": "SPIP",
300
+    "url": "https://www.spip.net/",
301
+    "safe": "2.1.13",
302
+    "old_safe": "2.0.18",
303
+    "vuln": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/",
304
+    "detection": [
305
+      {
306
+        "file": "inc_version.php",
307
+        "variable": "$spip_version_branche",
308
+        "subdir": 1
309
+      }
310
+    ]
311
+  },
312
+  {
313
+    "name": "contao",
314
+    "url": "https://contao.org/",
315
+    "safe": "3.2.5",
316
+    "old_safe": "2.11.14",
317
+    "vuln": "CVE-2014-1860",
318
+    "latest": "3.2.5",
319
+    "detection": [
320
+      {
321
+        "file": "CHANGELOG.md",
322
+        "variable": "Version",
323
+        "subdir": 0,
324
+        "extra_match": "Contao Open Source CMS"
325
+      }
326
+    ]
327
+  },
328
+  {
329
+    "name": "contao-old",
330
+    "url": "https://contao.org/",
331
+    "safe": "3.2.5",
332
+    "old_safe": "2.11.14",
333
+    "vuln": "CVE-2014-1860",
334
+    "latest": "3.2.5",
335
+    "detection": [
336
+      {
337
+        "file": "CHANGELOG.txt",
338
+        "variable": "Version",
339
+        "subdir": 0,
340
+        "extra_match": "Contao Open Source CMS Changelog"
341
+      }
342
+    ]
343
+  },
344
+  {
345
+    "name": "redaxo",
346
+    "url": "https://redaxo.org/",
347
+    "safe": "4.5",
348
+    "vuln": "CVE-2012-3869",
349
+    "latest": "4.5",
350
+    "detection": [
351
+      {
352
+        "file": "en_gb.lang",
353
+        "variable": "setup_037",
354
+        "subdir": 3
355
+      }
356
+    ]
357
+  },
358
+  {
359
+    "name": "textpattern",
360
+    "url": "https://textpattern.com/",
361
+    "safe": "4.7.0",
362
+    "vuln": "CVE-2018-7474",
363
+    "latest": "4.7.3",
364
+    "detection": [
365
+      {
366
+        "file": "index.php",
367
+        "variable": "$thisversion",
368
+        "subdir": 1
369
+      }
370
+    ]
371
+  },
372
+  {
373
+    "name": "bolt",
374
+    "url": "https://bolt.cm/",
375
+    "safe": "3.5.3",
376
+    "vuln": "https://github.com/bolt/bolt/blob/v3.5.4/changelog.md#bolt-353",
377
+    "latest": "3.5.3",
378
+    "detection": [
379
+      {
380
+        "file": "Version.php",
381
+        "variable": "const VERSION",
382
+        "subdir": 4,
383
+        "extra_match": "Bolt's"
384
+      }
385
+    ]
386
+  }
387
+]
0 388
\ No newline at end of file
1 389
deleted file mode 100644
... ...
@@ -1,7 +0,0 @@
1
-[vtigerCRM]
2
-url=http://www.vtiger.de
3
-safe=5.3.0
4
-vuln=CVE-2011-4670
5
-file=vtigerversion.php
6
-variable=$vtiger_current_version
7
-subdir=0
8 0
new file mode 100644
... ...
@@ -0,0 +1,15 @@
1
+[
2
+  {
3
+    "name": "vtigerCRM",
4
+    "url": "http://www.vtiger.de",
5
+    "safe": "5.3.0",
6
+    "vuln": "CVE-2011-4670",
7
+    "detection": [
8
+      {
9
+        "file": "vtigerversion.php",
10
+        "variable": "$vtiger_current_version",
11
+        "subdir": 0
12
+      }
13
+    ]
14
+  }
15
+]
0 16
\ No newline at end of file
1 17
deleted file mode 100644
... ...
@@ -1,65 +0,0 @@
1
-[Phormer]
2
-url=http://p.horm.org/er/
3
-safe=
4
-vuln=CVE-2007-5013
5
-file=funcs.php
6
-variable=PHORMER_VERSION
7
-subdir=0
8
-
9
-[Gallery2]
10
-url=http://gallery.menalto.com/
11
-safe=2.3.2
12
-vuln=CVE-2012-1113
13
-file=module.inc
14
-variable=setGalleryVersion
15
-subdir=2
16
-
17
-[Gallery3]
18
-url=http://gallery.menalto.com/
19
-safe=3.0.9
20
-vuln=http://galleryproject.org/gallery_3_0_9
21
-file=gallery.php
22
-variable=const VERSION
23
-subdir=3
24
-
25
-[Coppermine]
26
-url=http://coppermine-gallery.net/
27
-safe=1.5.28
28
-vuln=CVE-2014-4612
29
-file=versioncheck.php
30
-variable=Coppermine version
31
-subdir=0
32
-
33
-[Piwigo/PhpWebGallery]
34
-url=http://www.phpwebgallery.net/
35
-safe=2.6.3
36
-vuln=CVE-2014-4648
37
-file=constants.php
38
-variable=PHPWG_VERSION
39
-subdir=1
40
-
41
-[LinPHA]
42
-url=http://linpha.sourceforge.net
43
-safe=1.3.4
44
-vuln=CVE-2008-1856
45
-file=upgrade.php
46
-variable=$version
47
-subdir=1
48
-extra_match=$inst_linpha_not_work_correctly
49
-
50
-[mig]
51
-url=http://mig.sourceforge.net/
52
-safe=1.5.0
53
-vuln=CVE-2005-2603
54
-file=index.php
55
-variable=$version
56
-subdir=0
57
-extra_match=Mig - A general purpose photo gallery management system.
58
-
59
-[zenphoto]
60
-url=http://www.zenphoto.org/
61
-safe=1.4.5.4
62
-vuln=CVE-2013-7242
63
-file=version.php
64
-variable=define('ZENPHOTO_VERSION'
65
-subdir=1
66 0
new file mode 100644
... ...
@@ -0,0 +1,108 @@
1
+[
2
+  {
3
+    "name": "Phormer",
4
+    "url": "http://p.horm.org/er/",
5
+    "safe": "",
6
+    "vuln": "CVE-2007-5013",
7
+    "detection": [
8
+      {
9
+        "file": "funcs.php",
10
+        "variable": "PHORMER_VERSION",
11
+        "subdir": 0
12
+      }
13
+    ]
14
+  },
15
+  {
16
+    "name": "Gallery2",
17
+    "url": "http://gallery.menalto.com/",
18
+    "safe": "2.3.2",
19
+    "vuln": "CVE-2012-1113",
20
+    "detection": [
21
+      {
22
+        "file": "module.inc",
23
+        "variable": "setGalleryVersion",
24
+        "subdir": 2
25
+      }
26
+    ]
27
+  },
28
+  {
29
+    "name": "Gallery3",
30
+    "url": "http://gallery.menalto.com/",
31
+    "safe": "3.0.9",
32
+    "vuln": "http://galleryproject.org/gallery_3_0_9",
33
+    "detection": [
34
+      {
35
+        "file": "gallery.php",
36
+        "variable": "const VERSION",
37
+        "subdir": 3
38
+      }
39
+    ]
40
+  },
41
+  {
42
+    "name": "Coppermine",
43
+    "url": "http://coppermine-gallery.net/",
44
+    "safe": "1.5.28",
45
+    "vuln": "CVE-2014-4612",
46
+    "detection": [
47
+      {
48
+        "file": "versioncheck.php",
49
+        "variable": "Coppermine version",
50
+        "subdir": 0
51
+      }
52
+    ]
53
+  },
54
+  {
55
+    "name": "Piwigo/PhpWebGallery",
56
+    "url": "http://www.phpwebgallery.net/",
57
+    "safe": "2.6.3",
58
+    "vuln": "CVE-2014-4648",
59
+    "detection": [
60
+      {
61
+        "file": "constants.php",
62
+        "variable": "PHPWG_VERSION",
63
+        "subdir": 1
64
+      }
65
+    ]
66
+  },
67
+  {
68
+    "name": "LinPHA",
69
+    "url": "http://linpha.sourceforge.net",
70
+    "safe": "1.3.4",
71
+    "vuln": "CVE-2008-1856",
72
+    "detection": [
73
+      {
74
+        "file": "upgrade.php",
75
+        "variable": "$version",
76
+        "subdir": 1,
77
+        "extra_match": "$inst_linpha_not_work_correctly"
78
+      }
79
+    ]
80
+  },
81
+  {
82
+    "name": "mig",
83
+    "url": "http://mig.sourceforge.net/",
84
+    "safe": "1.5.0",
85
+    "vuln": "CVE-2005-2603",
86
+    "detection": [
87
+      {
88
+        "file": "index.php",
89
+        "variable": "$version",
90
+        "subdir": 0,
91
+        "extra_match": "Mig - A general purpose photo gallery management system."
92
+      }
93
+    ]
94
+  },
95
+  {
96
+    "name": "zenphoto",
97
+    "url": "http://www.zenphoto.org/",
98
+    "safe": "1.4.5.4",
99
+    "vuln": "CVE-2013-7242",
100
+    "detection": [
101
+      {
102
+        "file": "version.php",
103
+        "variable": "define('ZENPHOTO_VERSION'",
104
+        "subdir": 1
105
+      }
106
+    ]
107
+  }
108
+]
0 109
\ No newline at end of file
1 110
deleted file mode 100644
... ...
@@ -1,9 +0,0 @@
1
-[NetRisk]
2
-url=http://phprisk.org/
3
-safe=
4
-latest=1.9.7
5
-vuln=CVE-2008-0144
6
-file=install.php
7
-variable=$version
8
-subdir=0
9
-extra_match=NetRisk - Setup
10 0
new file mode 100644
... ...
@@ -0,0 +1,17 @@
1
+[
2
+  {
3
+    "name": "NetRisk",
4
+    "url": "http://phprisk.org/",
5
+    "safe": "",
6
+    "vuln": "CVE-2008-0144",
7
+    "latest": "1.9.7",
8
+    "detection": [
9
+      {
10
+        "file": "install.php",
11
+        "variable": "$version",
12
+        "subdir": 0,
13
+        "extra_match": "NetRisk - Setup"
14
+      }
15
+    ]
16
+  }
17
+]
0 18
\ No newline at end of file
1 19
deleted file mode 100644
... ...
@@ -1,33 +0,0 @@
1
-[Horde-groupware]
2
-url=http://www.horde.org/
3
-file=bundle.php
4
-variable=BUNDLE_VERSION
5
-extra_match='Horde Groupware'
6
-safe=1.2.5
7
-vuln=CVE-2009-3701
8
-subdir=1
9
-
10
-[eGroupWare]
11
-url=http://www.egroupware.org/
12
-safe=1.8.006
13
-vuln=CVE-2014-2027
14
-file=setup.inc.php
15
-variable=$setup_info['phpgwapi']['version']
16
-subdir=2
17
-
18
-[more.groupware]
19
-url=http://www.moregroupware.com/
20
-safe=
21
-vuln=CVE-2006-4906
22
-file=version.inc.php
23
-variable=$gwversion_number
24
-subdir=1
25
-
26
-[SimpleGroupware]
27
-url=http://www.simple-groupware.de/
28
-safe=0.607
29
-latest=0.724
30
-vuln=http://www.simple-groupware.de/cms/Release-0-607
31
-file=setup.php
32
-variable=define("CORE_VERSION_STRING"
33
-subdir=2
34 0
new file mode 100644
... ...
@@ -0,0 +1,56 @@
1
+[
2
+  {
3
+    "name": "Horde-groupware",
4
+    "url": "http://www.horde.org/",
5
+    "safe": "1.2.5",
6
+    "vuln": "CVE-2009-3701",
7
+    "detection": [
8
+      {
9
+        "file": "bundle.php",
10
+        "variable": "BUNDLE_VERSION",
11
+        "subdir": 1,
12
+        "extra_match": "'Horde Groupware'"
13
+      }
14
+    ]
15
+  },
16
+  {
17
+    "name": "eGroupWare",
18
+    "url": "http://www.egroupware.org/",
19
+    "safe": "1.8.006",
20
+    "vuln": "CVE-2014-2027",
21
+    "detection": [
22
+      {
23
+        "file": "setup.inc.php",
24
+        "variable": "$setup_info['phpgwapi']['version']",
25
+        "subdir": 2
26
+      }
27
+    ]
28
+  },
29
+  {
30
+    "name": "more.groupware",
31
+    "url": "http://www.moregroupware.com/",
32
+    "safe": "",
33
+    "vuln": "CVE-2006-4906",
34
+    "detection": [
35
+      {
36
+        "file": "version.inc.php",
37
+        "variable": "$gwversion_number",
38
+        "subdir": 1
39
+      }
40
+    ]
41
+  },
42
+  {
43
+    "name": "SimpleGroupware",
44
+    "url": "http://www.simple-groupware.de/",
45
+    "safe": "0.607",
46
+    "vuln": "http://www.simple-groupware.de/cms/Release-0-607",
47
+    "latest": "0.724",
48
+    "detection": [
49
+      {
50
+        "file": "setup.php",
51
+        "variable": "define(\"CORE_VERSION_STRING\"",
52
+        "subdir": 2
53
+      }
54
+    ]
55
+  }
56
+]
0 57
\ No newline at end of file
1 58
deleted file mode 100644
... ...
@@ -1,17 +0,0 @@
1
-[DRBGuestbook]
2
-url=http://www.dbscripts.net/guestbook/
3
-safe=1.1.14
4
-vuln=CVE-2007-5218
5
-file=README.txt
6
-variable=Version
7
-extra_match=DRBGuestbook
8
-subdir=0
9
-
10
-[SimpGB]
11
-url=http://www.boesch-it.de/
12
-safe=1.47.0
13
-vuln=CVE-2007-5127
14
-file=global.inc.php
15
-variable=$version
16
-subdir=1
17
-extra_match=$path_simpgb
18 0
new file mode 100644
... ...
@@ -0,0 +1,30 @@
1
+[
2
+  {
3
+    "name": "DRBGuestbook",
4
+    "url": "http://www.dbscripts.net/guestbook/",
5
+    "safe": "1.1.14",
6
+    "vuln": "CVE-2007-5218",
7
+    "detection": [
8
+      {
9
+        "file": "README.txt",
10
+        "variable": "Version",
11
+        "subdir": 0,
12
+        "extra_match": "DRBGuestbook"
13
+      }
14
+    ]
15
+  },
16
+  {
17
+    "name": "SimpGB",
18
+    "url": "http://www.boesch-it.de/",
19
+    "safe": "1.47.0",
20
+    "vuln": "CVE-2007-5127",
21
+    "detection": [
22
+      {
23
+        "file": "global.inc.php",
24
+        "variable": "$version",
25
+        "subdir": 1,
26
+        "extra_match": "$path_simpgb"
27
+      }
28
+    ]
29
+  }
30
+]
0 31
\ No newline at end of file
1 32
deleted file mode 100644
... ...
@@ -1,30 +0,0 @@
1
-[jquery-min]
2
-url=https://jquery.com/
3
-safe=3.4.0
4
-vuln=CVE-2019-11358
5
-latest=3.4.1
6
-file=jquery.min.js
7
-subdir=0
8
-variable=/*! jQuery
9
-thirdparty=yes
10
-
11
-[jquery]
12
-url=https://jquery.com/
13
-safe=3.4.0
14
-vuln=CVE-2019-11358
15
-latest=3.4.1
16
-file=jquery.js
17
-subdir=0
18
-variable=/*! jQuery
19
-thirdparty=yes
20
-
21
-[bootstrap]
22
-url=https://getbootstrap.com/
23
-safe=4.3.1
24
-old_safe=3.4.1
25
-vuln=CVE-2019-8331
26
-latest=3.4.1
27
-file=bootstrap.min.css
28
-subdir=0
29
-variable=* Bootstrap v
30
-thirdparty=yes
31 0
new file mode 100644
... ...
@@ -0,0 +1,48 @@
1
+[
2
+  {
3
+    "name": "jquery-min",
4
+    "url": "https://jquery.com/",
5
+    "safe": "3.4.0",
6
+    "vuln": "CVE-2019-11358",
7
+    "latest": "3.4.1",
8
+    "thirdparty": "yes",
9
+    "detection": [
10
+      {
11
+        "file": "jquery.min.js",
12
+        "variable": "/*! jQuery",
13
+        "subdir": 0
14
+      }
15
+    ]
16
+  },
17
+  {
18
+    "name": "jquery",
19
+    "url": "https://jquery.com/",
20
+    "safe": "3.4.0",
21
+    "vuln": "CVE-2019-11358",
22
+    "latest": "3.4.1",
23
+    "thirdparty": "yes",
24
+    "detection": [
25
+      {
26
+        "file": "jquery.js",
27
+        "variable": "/*! jQuery",
28
+        "subdir": 0
29
+      }
30
+    ]
31
+  },
32
+  {
33
+    "name": "bootstrap",
34
+    "url": "https://getbootstrap.com/",
35
+    "safe": "4.3.1",
36
+    "old_safe": "3.4.1",
37
+    "vuln": "CVE-2019-8331",
38
+    "latest": "3.4.1",
39
+    "thirdparty": "yes",
40
+    "detection": [
41
+      {
42
+        "file": "bootstrap.min.css",
43
+        "variable": "* Bootstrap v",
44
+        "subdir": 0
45
+      }
46
+    ]
47
+  }
48
+]
0 49
\ No newline at end of file
1 50
deleted file mode 100644
... ...
@@ -1,8 +0,0 @@
1
-[cpDynaLinks]
2
-url=https://web.archive.org/web/20160423004721/http://www.cplinks.com/cpdynalinks/
3
-latest=1.02
4
-safe=
5
-vuln=CVE-2007-5408
6
-file=version.php
7
-variable=$cplinks_version
8
-subdir=0
9 0
new file mode 100644
... ...
@@ -0,0 +1,16 @@
1
+[
2
+  {
3
+    "name": "cpDynaLinks",
4
+    "url": "https://web.archive.org/web/20160423004721/http://www.cplinks.com/cpdynalinks/",
5
+    "safe": "",
6
+    "vuln": "CVE-2007-5408",
7
+    "latest": "1.02",
8
+    "detection": [
9
+      {
10
+        "file": "version.php",
11
+        "variable": "$cplinks_version",
12
+        "subdir": 0
13
+      }
14
+    ]
15
+  }
16
+]
0 17
\ No newline at end of file
1 18
deleted file mode 100644
... ...
@@ -1,418 +0,0 @@
1
-[phpMyAdmin-veryold]
2
-url=https://www.phpmyadmin.net/
3
-safe=4.9.2
4
-vuln=CVE-2019-18622
5
-file=Config.class.php
6
-variable=PMA_VERSION
7
-subdir=1
8
-
9
-[phpMyAdmin-old]
10
-url=https://www.phpmyadmin.net/
11
-safe=4.9.2
12
-vuln=CVE-2019-18622
13
-file=Config.php
14
-variable=PMA_VERSION
15
-subdir=1
16
-extra_match=namespace PMA\libraries;
17
-
18
-[phpMyAdmin]
19
-url=https://www.phpmyadmin.net/
20
-safe=4.9.2
21
-vuln=CVE-2019-18622
22
-file=Config.php
23
-variable=PMA_VERSION
24
-subdir=2
25
-extra_match=namespace PhpMyAdmin;
26
-
27
-[SquirrelMail]
28
-url=https://squirrelmail.org/
29
-safe=1.4.22
30
-vuln=CVE-2010-4554
31
-file=strings.php
32
-variable=$version
33
-extra_match=SquirrelMail version number
34
-subdir=1
35
-
36
-[Mantis-deprecated]
37
-url=https://mantisbt.org/
38
-safe=2.22.1
39
-vuln=CVE-2019-15715
40
-file=config_defaults_inc.php
41
-variable=$g_mantis_version
42
-subdir=0
43
-
44
-[Mantis]
45
-url=https://mantisbt.org/
46
-safe=2.22.1
47
-vuln=CVE-2019-15715
48
-file=constant_inc.php
49
-variable=MANTIS_VERSION
50
-subdir=1
51
-
52
-[Bugzilla3]
53
-url=https://www.bugzilla.org/
54
-safe=4.4.7
55
-old_safe=4.2.12,4.0.16
56
-vuln=CVE-2011-2379
57
-file=Constants.pm
58
-variable=BUGZILLA_VERSION
59
-subdir=1
60
-
61
-[Bugzilla2]
62
-url=https://www.bugzilla.org/
63
-safe=4.4.7
64
-old_safe=4.2.12,4.0.16
65
-vuln=CVE-2011-2379
66
-file=Config.pm
67
-variable=$Bugzilla::Config::VERSION
68
-subdir=1
69
-
70
-[SimpNews]
71
-url=http://www.boesch-it.de
72
-safe=2.48
73
-vuln=CVE-2010-2858
74
-file=global.inc.php
75
-variable=$version 
76
-subdir=1
77
-extra_match=$path_simpnews
78
-
79
-[calendarix]
80
-url=http://www.calendarix.com/
81
-safe=     
82
-vuln=CVE-2007-3183
83
-file=cal_config.inc.php
84
-variable=$version
85
-subdir=0
86
-
87
-[myEvent]
88
-url=http://mywebland.com/
89
-safe=     
90
-vuln=CVE-2007-0690
91
-file=config.php
92
-variable=$version
93
-extra_match=$eventbgcolor
94
-subdir=0
95
-
96
-[php-stats]
97
-url=http://php-stats.com/
98
-safe=
99
-vuln=CVE-2007-5453
100
-file=update.php
101
-variable=$version
102
-extra_match=http://php-stats.com/
103
-subdir=0
104
-
105
-[Ampache]
106
-url=http://ampache.org/
107
-safe=3.5.3
108
-vuln=http://ampache.org/2009/12/20/3-5-3-security-release/
109
-file=init.php
110
-variable=$results['version']
111
-subdir=1
112
-extra_match=$ampache_path
113
-
114
-[SiteBar]
115
-url=http://sitebar.org/
116
-safe=3.3.9
117
-vuln=CVE-2007-5492
118
-file=database.inc.php
119
-variable=SB_CURRENT_RELEASE
120
-subdir=1
121
-
122
-[phpPgAdmin]
123
-url=http://phppgadmin.sourceforge.net/
124
-safe=5.0.4
125
-vuln=CVE-2012-1600
126
-file=lib.inc.php
127
-variable=$appVersion
128
-subdir=1
129
-extra_match=phpPgAdmin
130
-
131
-[FTP Admin]
132
-url=http://ftpadmin.sourceforge.net/
133
-safe=
134
-vuln=CVE-2007-6234
135
-file=session_start.php
136
-variable=VERSION
137
-subdir=0
138
-extra_match=define("TITLE", "FTP Admin");
139
-
140
-[RoundCube-deprecated]
141
-url=https://roundcube.net
142
-safe=1.3.10
143
-vuln=CVE-2019-10740
144
-file=index.php
145
-variable=RCMAIL_VERSION
146
-subdir=0
147
-
148
-[RoundCube]
149
-url=https://roundcube.net
150
-safe=1.3.10
151
-vuln=CVE-2019-10740
152
-file=iniset.php
153
-variable=RCMAIL_VERSION
154
-subdir=2
155
-
156
-[Moodle]
157
-url=https://moodle.org/
158
-safe=3.2.2
159
-old_safe=3.1.5,3.0.9,2.7.19
160
-vuln=CVE-2017-2641
161
-file=version.php
162
-variable=$release
163
-subdir=0
164
-extra_match=MOODLE VERSION INFORMATION
165
-
166
-[cacti]
167
-url=http://www.cacti.net/
168
-safe=0.8.7
169
-vuln=CVE-2007-6035
170
-file=global.php
171
-variable=$config["cacti_version"]
172
-subdir=1
173
-
174
-[gnopaste]
175
-url=http://gnopaste.sf.net/
176
-safe=0.5.4
177
-vuln=CVE-2006-2834
178
-file=install.php
179
-variable=$_SESSION['page_title'] = 'gnopaste
180
-subdir=0
181
-
182
-[Flyspray]
183
-url=http://www.flyspray.org/
184
-safe=0.9.9.7
185
-vuln=CVE-2012-1058
186
-file=class.flyspray.php
187
-variable=var $version
188
-subdir=1
189
-
190
-[phpMyID]
191
-url=http://siege.org/projects/phpMyID
192
-safe=
193
-vuln=CVE-2008-4730
194
-file=MyID.php
195
-variable=@version
196
-subdir=0
197
-
198
-[phplist-old]
199
-url=http://www.phplist.com/
200
-safe=3.2.7
201
-vuln=CVE-2016-10045
202
-file=connect.php
203
-variable=define("VERSION"
204
-subdir=1
205
-
206
-[phplist]
207
-url=http://www.phplist.com/
208
-safe=3.2.7
209
-vuln=CVE-2016-10045
210
-file=init.php
211
-variable=define("VERSION"
212
-subdir=1
213
-
214
-[Piwik]
215
-url=https://matomo.org/
216
-safe=3.12.0
217
-vuln=https://matomo.org/changelog/matomo-3-12-0/
218
-file=Version.php
219
-variable=const VERSION
220
-subdir=1
221
-extra_match=@link http://piwik.org
222
-
223
-[Matomo]
224
-url=https://matomo.org/
225
-safe=3.12.0
226
-latest=3.13.0
227
-vuln=https://matomo.org/changelog/matomo-3-12-0/
228
-file=Version.php
229
-variable=const VERSION
230
-subdir=1
231
-extra_match=@link https://matomo.org
232
-
233
-[phpWishlist]
234
-url=http://phpwishlist.sourceforge.net/
235
-safe=0.1.15
236
-vuln=CVE-2005-2203
237
-file=header.inc.php
238
-variable=$version
239
-subdir=1
240
-extra_match=* Wishlist -
241
-
242
-[awstats]
243
-url=http://awstats.sourceforge.net/
244
-safe=7.1
245
-vuln=CVE-2012-4547
246
-file=awstats.pl
247
-variable=$VERSION  =
248
-subdir=0
249
-
250
-[phpMyFAQ]
251
-url=http://www.phpmyfaq.de/
252
-safe=2.5.5
253
-vuln=http://www.phpmyfaq.de/advisory_2009-12-01.php
254
-file=phpmyfaq.spec
255
-variable=version
256
-subdir=1
257
-
258
-[Horde-webmail]
259
-url=http://www.horde.org/
260
-file=bundle.php
261
-variable=BUNDLE_VERSION
262
-extra_match='Horde Groupware Webmail Edition'
263
-safe=1.2.7
264
-vuln=http://secunia.com/advisories/39860
265
-subdir=1
266
-
267
-[ResourceSpace]
268
-url=http://www.resourcespace.org/
269
-file=version.php
270
-variable=$productname='ResourceSpace';$productversion
271
-safe=4.2.2833
272
-latest=4.3.2912
273
-vuln=CVE-2011-4311
274
-subdir=1
275
-
276
-[apc.php]
277
-url=http://pecl.php.net/package/APC
278
-file=apc.php
279
-# this does not contain it's "real" version number, using the CVS id
280
-# instead - there's been an XSS pre 3.1.4.
281
-variable=$VERSION='$Id: apc.php
282
-safe=301867
283
-vuln=CVE-2010-3294
284
-subdir=0
285
-
286
-[webtrees]
287
-url=http://webtrees.net/
288
-file=session.php
289
-variable=define('WT_VERSION'
290
-safe=1.2.4
291
-latest=1.2.4
292
-vuln=http://webtrees.net/en/forums/2-open-discussion/16423-webtrees-124
293
-subdir=1
294
-
295
-[PhpGedView]
296
-url=http://phpgedview.sourceforge.net/
297
-file=session.php
298
-variable=define('PGV_VERSION'
299
-safe=
300
-vuln=CVE-2011-0405
301
-subdir=1
302
-
303
-[status.net]
304
-url=http://status.net
305
-file=common.php
306
-variable=define('STATUSNET_BASE_VERSION'
307
-safe=0.9.9
308
-vuln=CVE-2011-3370
309