update gitlist / RCE

Hanno authored on 01/08/2019 15:22:32
Showing 1 changed files
... ...
@@ -405,7 +405,7 @@ subdir=0
405 405
 url=http://gitlist.org/
406 406
 file=footer.twig
407 407
 variable=Powered by
408
-safe=0.5.0
409
-latest=0.6.0
410
-vuln=CVE-2014-4511
408
+safe=0.7.0
409
+latest=1.0.2
410
+vuln=https://security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html
411 411
 subdir=3
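Review bot: The new vuln= value replaces a CVE id with a third-party write-up URL, which is less stable than an identifier and, going by its path, covers a general escapeshellarg/escapeshellcmd bypass rather than naming the Gitlist issue and its fixed release. If an identifier or a project release note exists for the issue fixed in 0.7.0, reference that here so the entry matches the CVE-style values used elsewhere in the file. The unchanged context line url=http://gitlist.org/ is also still plain http, unlike the entries converted in the "change some more URLs to https" commit.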

mantis update

Hanno authored on 14/06/2019 10:18:28
Showing 1 changed files
... ...
@@ -36,16 +36,16 @@ subdir=1
36 36
 # old mantis versions behave different
37 37
 [Mantis-deprecated]
38 38
 url=https://mantisbt.org/
39
-safe=2.17.1
40
-vuln=CVE-2018-16514
39
+safe=2.20.1
40
+vuln=CVE-2019-10905
41 41
 file=config_defaults_inc.php
42 42
 variable=$g_mantis_version
43 43
 subdir=0
44 44
 
45 45
 [Mantis]
46 46
 url=https://mantisbt.org/
47
-safe=2.17.1
48
-vuln=CVE-2018-16514
47
+safe=2.20.1
48
+vuln=CVE-2019-10905
49 49
 file=constant_inc.php
50 50
 variable=MANTIS_VERSION
51 51
 subdir=1

pma update

Hanno authored on 14/06/2019 10:01:10
Showing 1 changed files
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-veryold]
2 2
 url=https://www.phpmyadmin.net/
3
-safe=4.8.5
4
-vuln=CVE-2019-6798
3
+safe=4.9.0
4
+vuln=CVE-2019-12616
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin-old]
10 10
 url=https://www.phpmyadmin.net/
11
-safe=4.8.5
12
-vuln=CVE-2019-6798
11
+safe=4.9.0
12
+vuln=CVE-2019-12616
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1
... ...
@@ -17,8 +17,8 @@ extra_match=namespace PMA\libraries;
17 17
 
18 18
 [phpMyAdmin]
19 19
 url=https://www.phpmyadmin.net/
20
-safe=4.8.5
21
-vuln=CVE-2019-6798
20
+safe=4.9.0
21
+vuln=CVE-2019-12616
22 22
 file=Config.php
23 23
 variable=PMA_VERSION
24 24
 subdir=2

nextcloud update

Hanno authored on 23/04/2019 10:35:06
Showing 1 changed files
... ...
@@ -339,8 +339,9 @@ subdir=1
339 339
 url=https://nextcloud.com
340 340
 file=version.php
341 341
 variable=$OC_VersionString
342
-vuln=CVE-2018-3780
343
-safe=13.0.5
342
+vuln=https://nextcloud.com/security/advisory/?id=NC-SA-2019-003
343
+safe=15.0.0
344
+old_safe=14.0.5,13.0.9
344 345
 subdir=0
345 346
 extra_match=$vendor = 'nextcloud';
346 347
 

change some more URLs to https

Hanno authored on 23/03/2019 21:52:45
Showing 1 changed files
... ...
@@ -1,5 +1,5 @@
1 1
 [phpMyAdmin-veryold]
2
-url=http://www.phpmyadmin.net/
2
+url=https://www.phpmyadmin.net/
3 3
 safe=4.8.5
4 4
 vuln=CVE-2019-6798
5 5
 file=Config.class.php
... ...
@@ -7,7 +7,7 @@ variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin-old]
10
-url=http://www.phpmyadmin.net/
10
+url=https://www.phpmyadmin.net/
11 11
 safe=4.8.5
12 12
 vuln=CVE-2019-6798
13 13
 file=Config.php
... ...
@@ -16,7 +16,7 @@ subdir=1
16 16
 extra_match=namespace PMA\libraries;
17 17
 
18 18
 [phpMyAdmin]
19
-url=http://www.phpmyadmin.net/
19
+url=https://www.phpmyadmin.net/
20 20
 safe=4.8.5
21 21
 vuln=CVE-2019-6798
22 22
 file=Config.php
... ...
@@ -25,7 +25,7 @@ subdir=2
25 25
 extra_match=namespace PhpMyAdmin;
26 26
 
27 27
 [SquirrelMail]
28
-url=http://www.squirrelmail.org/
28
+url=https://squirrelmail.org/
29 29
 safe=1.4.22
30 30
 vuln=CVE-2010-4554
31 31
 file=strings.php
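Review bot: The [SquirrelMail] line changes the host as well as the scheme (www.squirrelmail.org becomes squirrelmail.org), which goes beyond what the commit message describes; the [Moodle] hunk further down does the same with www.moodle.org. Confirm that both bare hosts serve the project site over HTTPS with a valid certificate, and mention the host change in the commit message so it is not mistaken for a pure scheme swap.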
... ...
@@ -51,7 +51,7 @@ variable=MANTIS_VERSION
51 51
 subdir=1
52 52
 
53 53
 [Bugzilla3]
54
-url=http://www.bugzilla.org/
54
+url=https://www.bugzilla.org/
55 55
 safe=4.4.7
56 56
 old_safe=4.2.12,4.0.16
57 57
 vuln=CVE-2011-2379
... ...
@@ -60,7 +60,7 @@ variable=BUGZILLA_VERSION
60 60
 subdir=1
61 61
 
62 62
 [Bugzilla2]
63
-url=http://www.bugzilla.org/
63
+url=https://www.bugzilla.org/
64 64
 safe=4.4.7
65 65
 old_safe=4.2.12,4.0.16
66 66
 vuln=CVE-2011-2379
... ...
@@ -139,7 +139,7 @@ subdir=0
139 139
 extra_match=define("TITLE", "FTP Admin");
140 140
 
141 141
 [RoundCube-deprecated]
142
-url=http://roundcube.net
142
+url=https://roundcube.net
143 143
 safe=1.3.8
144 144
 vuln=CVE-2018-19206
145 145
 file=index.php
... ...
@@ -147,7 +147,7 @@ variable=RCMAIL_VERSION
147 147
 subdir=0
148 148
 
149 149
 [RoundCube]
150
-url=http://roundcube.net
150
+url=https://roundcube.net
151 151
 safe=1.3.8
152 152
 vuln=CVE-2018-19206
153 153
 file=iniset.php
... ...
@@ -155,7 +155,7 @@ variable=RCMAIL_VERSION
155 155
 subdir=2
156 156
 
157 157
 [Moodle]
158
-url=http://www.moodle.org/
158
+url=https://moodle.org/
159 159
 safe=3.2.2
160 160
 old_safe=3.1.5,3.0.9,2.7.19
161 161
 vuln=CVE-2017-2641

phpmyadmin update

Hanno authored on 27/01/2019 09:11:48
Showing 1 changed files
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-veryold]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.8.4
4
-vuln=CVE-2018-19968
3
+safe=4.8.5
4
+vuln=CVE-2019-6798
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin-old]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.8.4
12
-vuln=CVE-2018-19968
11
+safe=4.8.5
12
+vuln=CVE-2019-6798
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1
... ...
@@ -17,8 +17,8 @@ extra_match=namespace PMA\libraries;
17 17
 
18 18
 [phpMyAdmin]
19 19
 url=http://www.phpmyadmin.net/
20
-safe=4.8.4
21
-vuln=CVE-2018-19968
20
+safe=4.8.5
21
+vuln=CVE-2019-6798
22 22
 file=Config.php
23 23
 variable=PMA_VERSION
24 24
 subdir=2

pma update

Hanno authored on 11/12/2018 16:29:51
Showing 1 changed files
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-veryold]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.8.3
4
-vuln=CVE-2018-15605
3
+safe=4.8.4
4
+vuln=CVE-2018-19968
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin-old]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.8.3
12
-vuln=CVE-2018-15605
11
+safe=4.8.4
12
+vuln=CVE-2018-19968
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1
... ...
@@ -17,8 +17,8 @@ extra_match=namespace PMA\libraries;
17 17
 
18 18
 [phpMyAdmin]
19 19
 url=http://www.phpmyadmin.net/
20
-safe=4.8.3
21
-vuln=CVE-2018-15605
20
+safe=4.8.4
21
+vuln=CVE-2018-19968
22 22
 file=Config.php
23 23
 variable=PMA_VERSION
24 24
 subdir=2

roundcube xss

Hanno authored on 27/11/2018 17:08:00
Showing 1 changed files
... ...
@@ -140,16 +140,16 @@ extra_match=define("TITLE", "FTP Admin");
140 140
 
141 141
 [RoundCube-deprecated]
142 142
 url=http://roundcube.net
143
-safe=1.3.7
144
-vuln=https://roundcube.net/news/2018/07/27/update-1.3.7-released
143
+safe=1.3.8
144
+vuln=CVE-2018-19206
145 145
 file=index.php
146 146
 variable=RCMAIL_VERSION
147 147
 subdir=0
148 148
 
149 149
 [RoundCube]
150 150
 url=http://roundcube.net
151
-safe=1.3.7
152
-vuln=https://roundcube.net/news/2018/07/27/update-1.3.7-released
151
+safe=1.3.8
152
+vuln=CVE-2018-19206
153 153
 file=iniset.php
154 154
 variable=RCMAIL_VERSION
155 155
 subdir=2

nextcloud update

Hanno authored on 27/09/2018 16:13:48
Showing 1 changed files
... ...
@@ -339,9 +339,8 @@ subdir=1
339 339
 url=https://nextcloud.com
340 340
 file=version.php
341 341
 variable=$OC_VersionString
342
-vuln=CVE-2017-0936
343
-safe=12.0.5
344
-old_safe=11.0.7
342
+vuln=CVE-2018-3780
343
+safe=13.0.5
345 344
 subdir=0
346 345
 extra_match=$vendor = 'nextcloud';
347 346
 

owncloud update

Hanno authored on 27/09/2018 16:12:33
Showing 1 changed files
... ...
@@ -349,9 +349,9 @@ extra_match=$vendor = 'nextcloud';
349 349
 url=http://owncloud.org/
350 350
 file=version.php
351 351
 variable=$OC_VersionString
352
-vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003
353
-safe=9.1.3
354
-old_safe=9.0.8,8.2.10,8.1.12
352
+vuln=CVE-2017-8896
353
+safe=10.0.2
354
+old_safe=9.1.6,9.0.10,8.2.12
355 355
 subdir=0
356 356
 extra_nomatch=nextcloud
357 357
 
... ...
@@ -361,9 +361,9 @@ file=util.php
361 361
 variable=return '
362 362
 subdir=1
363 363
 extra_match=class OC_Util
364
-vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003
365
-safe=9.1.3
366
-old_safe=9.0.8,8.2.10,8.1.12
364
+vuln=CVE-2017-8896
365
+safe=10.0.2
366
+old_safe=9.1.6,9.0.10,8.2.12
367 367
 
368 368
 [videodb]
369 369
 url=http://www.videodb.net/

mantis update

Hanno authored on 27/09/2018 09:13:14
Showing 1 changed files
... ...
@@ -36,16 +36,16 @@ subdir=1
36 36
 # old mantis versions behave different
37 37
 [Mantis-deprecated]
38 38
 url=https://mantisbt.org/
39
-safe=2.15.1
40
-vuln=CVE-2018-13055
39
+safe=2.17.1
40
+vuln=CVE-2018-16514
41 41
 file=config_defaults_inc.php
42 42
 variable=$g_mantis_version
43 43
 subdir=0
44 44
 
45 45
 [Mantis]
46 46
 url=https://mantisbt.org/
47
-safe=2.15.1
48
-vuln=CVE-2018-13055
47
+safe=2.17.1
48
+vuln=CVE-2018-16514
49 49
 file=constant_inc.php
50 50
 variable=MANTIS_VERSION
51 51
 subdir=1

pma update

Hanno authored on 23/08/2018 08:36:05
Showing 1 changed files
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-veryold]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.8.2
4
-vuln=CVE-2018-12613
3
+safe=4.8.3
4
+vuln=CVE-2018-15605
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin-old]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.8.2
12
-vuln=CVE-2018-12613
11
+safe=4.8.3
12
+vuln=CVE-2018-15605
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1
... ...
@@ -17,8 +17,8 @@ extra_match=namespace PMA\libraries;
17 17
 
18 18
 [phpMyAdmin]
19 19
 url=http://www.phpmyadmin.net/
20
-safe=4.8.2
21
-vuln=CVE-2018-12613
20
+safe=4.8.3
21
+vuln=CVE-2018-15605
22 22
 file=Config.php
23 23
 variable=PMA_VERSION
24 24
 subdir=2

swap phpMyAdmin/phpMyAdmin-old, they were mixed up

Hanno authored on 30/07/2018 20:20:32
Showing 1 changed files
... ...
@@ -6,7 +6,7 @@ file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9
-[phpMyAdmin]
9
+[phpMyAdmin-old]
10 10
 url=http://www.phpmyadmin.net/
11 11
 safe=4.8.2
12 12
 vuln=CVE-2018-12613
... ...
@@ -15,7 +15,7 @@ variable=PMA_VERSION
15 15
 subdir=1
16 16
 extra_match=namespace PMA\libraries;
17 17
 
18
-[phpMyAdmin-old]
18
+[phpMyAdmin]
19 19
 url=http://www.phpmyadmin.net/
20 20
 safe=4.8.2
21 21
 vuln=CVE-2018-12613
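Review bot: Both hunks only rename section headers, so nothing in the file records which layout each name is meant for, and the mix-up this commit corrects can happen again on the next edit. Add a comment above each section, in the style of the existing "# old mantis versions behave different" line, stating which combination it targets (the section with extra_match=namespace PMA\libraries; and subdir=1 versus the one at line 18), so the mapping can be checked in review.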

update mantis + roundcube

Hanno authored on 30/07/2018 08:49:06
Showing 1 changed files
... ...
@@ -36,18 +36,16 @@ subdir=1
36 36
 # old mantis versions behave different
37 37
 [Mantis-deprecated]
38 38
 url=https://mantisbt.org/
39
-safe=2.10.1
40
-old_safe=1.3.14
41
-vuln=https://mantisbt.org/blog/archives/mantisbt/572
39
+safe=2.15.1
40
+vuln=CVE-2018-13055
42 41
 file=config_defaults_inc.php
43 42
 variable=$g_mantis_version
44 43
 subdir=0
45 44
 
46 45
 [Mantis]
47 46
 url=https://mantisbt.org/
48
-safe=2.10.1
49
-old_safe=1.3.14
50
-vuln=https://mantisbt.org/blog/archives/mantisbt/572
47
+safe=2.15.1
48
+vuln=CVE-2018-13055
51 49
 file=constant_inc.php
52 50
 variable=MANTIS_VERSION
53 51
 subdir=1
... ...
@@ -142,16 +140,16 @@ extra_match=define("TITLE", "FTP Admin");
142 140
 
143 141
 [RoundCube-deprecated]
144 142
 url=http://roundcube.net
145
-safe=1.3.6
146
-vuln=CVE-2018-9846
143
+safe=1.3.7
144
+vuln=https://roundcube.net/news/2018/07/27/update-1.3.7-released
147 145
 file=index.php
148 146
 variable=RCMAIL_VERSION
149 147
 subdir=0
150 148
 
151 149
 [RoundCube]
152 150
 url=http://roundcube.net
153
-safe=1.3.6
154
-vuln=CVE-2018-9846
151
+safe=1.3.7
152
+vuln=https://roundcube.net/news/2018/07/27/update-1.3.7-released
155 153
 file=iniset.php
156 154
 variable=RCMAIL_VERSION
157 155
 subdir=2

phpmyadmin update

Hanno Böck authored on 24/06/2018 20:38:46
Showing 1 changed files
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-veryold]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.7.8
4
-vuln=CVE-2018-7260
3
+safe=4.8.2
4
+vuln=CVE-2018-12613
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.7.8
12
-vuln=CVE-2018-7260
11
+safe=4.8.2
12
+vuln=CVE-2018-12613
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1
... ...
@@ -17,8 +17,8 @@ extra_match=namespace PMA\libraries;
17 17
 
18 18
 [phpMyAdmin-old]
19 19
 url=http://www.phpmyadmin.net/
20
-safe=4.7.8
21
-vuln=CVE-2018-7260
20
+safe=4.8.2
21
+vuln=CVE-2018-12613
22 22
 file=Config.php
23 23
 variable=PMA_VERSION
24 24
 subdir=2

properly detect subdir of phpMyAdmin 4.8 and above

Hanno Böck authored on 24/06/2018 20:37:51
Showing 1 changed files
... ...
@@ -1,4 +1,4 @@
1
-[phpMyAdmin-old]
1
+[phpMyAdmin-veryold]
2 2
 url=http://www.phpmyadmin.net/
3 3
 safe=4.7.8
4 4
 vuln=CVE-2018-7260
... ...
@@ -13,6 +13,16 @@ vuln=CVE-2018-7260
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1
16
+extra_match=namespace PMA\libraries;
17
+
18
+[phpMyAdmin-old]
19
+url=http://www.phpmyadmin.net/
20
+safe=4.7.8
21
+vuln=CVE-2018-7260
22
+file=Config.php
23
+variable=PMA_VERSION
24
+subdir=2
25
+extra_match=namespace PhpMyAdmin;
16 26
 
17 27
 [SquirrelMail]
18 28
 url=http://www.squirrelmail.org/
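Review bot: The section names in the second hunk look inverted. The new section that matches extra_match=namespace PhpMyAdmin; with subdir=2 is named [phpMyAdmin-old], while the existing [phpMyAdmin] section gains extra_match=namespace PMA\libraries;. Since the commit message says this change is for 4.8 and above, the section for the newest layout ends up carrying the -old label. Suggest naming the new subdir=2 section [phpMyAdmin] and the PMA\libraries one [phpMyAdmin-old].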

nextcloud update

Hanno Böck authored on 16/06/2018 13:04:47
Showing 1 changed files
... ...
@@ -331,9 +331,9 @@ subdir=1
331 331
 url=https://nextcloud.com
332 332
 file=version.php
333 333
 variable=$OC_VersionString
334
-vuln=CVE-2017-0891
335
-safe=11.0.3
336
-old_safe=10.0.5,9.0.58
334
+vuln=CVE-2017-0936
335
+safe=12.0.5
336
+old_safe=11.0.7
337 337
 subdir=0
338 338
 extra_match=$vendor = 'nextcloud';
339 339
 

roundcube CVE-2018-9846

Hanno authored on 19/04/2018 10:50:06
Showing 1 changed files
... ...
@@ -132,16 +132,16 @@ extra_match=define("TITLE", "FTP Admin");
132 132
 
133 133
 [RoundCube-deprecated]
134 134
 url=http://roundcube.net
135
-safe=1.3.5
136
-vuln=https://roundcube.net/news/2018/03/15/update-1.3.5-released
135
+safe=1.3.6
136
+vuln=CVE-2018-9846
137 137
 file=index.php
138 138
 variable=RCMAIL_VERSION
139 139
 subdir=0
140 140
 
141 141
 [RoundCube]
142 142
 url=http://roundcube.net
143
-safe=1.3.5
144
-vuln=https://roundcube.net/news/2018/03/15/update-1.3.5-released
143
+safe=1.3.6
144
+vuln=CVE-2018-9846
145 145
 file=iniset.php
146 146
 variable=RCMAIL_VERSION
147 147
 subdir=2

roundcube update

Hanno Böck authored on 31/03/2018 10:30:25
Showing 1 changed files
... ...
@@ -132,16 +132,16 @@ extra_match=define("TITLE", "FTP Admin");
132 132
 
133 133
 [RoundCube-deprecated]
134 134
 url=http://roundcube.net
135
-safe=1.3.3
136
-vuln=CVE-2017-16651
135
+safe=1.3.5
136
+vuln=https://roundcube.net/news/2018/03/15/update-1.3.5-released
137 137
 file=index.php
138 138
 variable=RCMAIL_VERSION
139 139
 subdir=0
140 140
 
141 141
 [RoundCube]
142 142
 url=http://roundcube.net
143
-safe=1.3.3
144
-vuln=CVE-2017-16651
143
+safe=1.3.5
144
+vuln=https://roundcube.net/news/2018/03/15/update-1.3.5-released
145 145
 file=iniset.php
146 146
 variable=RCMAIL_VERSION
147 147
 subdir=2

mantis update

Hanno Böck authored on 24/02/2018 06:39:32
Showing 1 changed files
... ...
@@ -26,18 +26,18 @@ subdir=1
26 26
 # old mantis versions behave different
27 27
 [Mantis-deprecated]
28 28
 url=https://mantisbt.org/
29
-safe=2.5.2
30
-old_safe=1.3.12
31
-vuln=CVE-2017-12061
29
+safe=2.10.1
30
+old_safe=1.3.14
31
+vuln=https://mantisbt.org/blog/archives/mantisbt/572
32 32
 file=config_defaults_inc.php
33 33
 variable=$g_mantis_version
34 34
 subdir=0
35 35
 
36 36
 [Mantis]
37 37
 url=https://mantisbt.org/
38
-safe=2.5.2
39
-old_safe=1.3.12
40
-vuln=CVE-2017-12061
38
+safe=2.10.1
39
+old_safe=1.3.14
40
+vuln=https://mantisbt.org/blog/archives/mantisbt/572
41 41
 file=constant_inc.php
42 42
 variable=MANTIS_VERSION
43 43
 subdir=1

pma update

Hanno Böck authored on 20/02/2018 18:18:05
Showing 1 changed files
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-old]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.7.7
4
-vuln=https://www.phpmyadmin.net/security/PMASA-2017-8/
3
+safe=4.7.8
4
+vuln=CVE-2018-7260
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.7.7
12
-vuln=https://www.phpmyadmin.net/security/PMASA-2017-8/
11
+safe=4.7.8
12
+vuln=CVE-2018-7260
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1

pma update

Hanno Böck authored on 24/12/2017 00:15:36
Showing 1 changed files
... ...
@@ -1,6 +1,6 @@
1 1
 [phpMyAdmin-old]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.7.0
3
+safe=4.7.7
4 4
 vuln=https://www.phpmyadmin.net/security/PMASA-2017-8/
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
... ...
@@ -8,7 +8,7 @@ subdir=1
8 8
 
9 9
 [phpMyAdmin]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.7.0
11
+safe=4.7.7
12 12
 vuln=https://www.phpmyadmin.net/security/PMASA-2017-8/
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
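Review bot: In this hunk and the [phpMyAdmin-old] hunk above it, safe moves from 4.7.0 to 4.7.7 while the unchanged vuln= line still points at PMASA-2017-8. Either 4.7.0 was the wrong fixed version for that advisory, or the bump is for a newer issue and vuln= should reference the advisory fixed in 4.7.7. As committed, installs on 4.7.1 to 4.7.6 are flagged with a link to an advisory that the previous entry recorded as fixed in 4.7.0.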

nextcloud update

Hanno Böck authored on 10/12/2017 10:06:10
Showing 1 changed files
... ...
@@ -331,9 +331,9 @@ subdir=1
331 331
 url=https://nextcloud.com
332 332
 file=version.php
333 333
 variable=$OC_VersionString
334
-vuln=https://nextcloud.com/security/advisory/?id=nc-sa-2017-001
335
-safe=10.0.2
336
-old_safe=9.0.57,9.0.56
334
+vuln=CVE-2017-0891
335
+safe=11.0.3
336
+old_safe=10.0.5,9.0.58
337 337
 subdir=0
338 338
 extra_match=$vendor = 'nextcloud';
339 339
 

roundcube update

Hanno Böck authored on 18/11/2017 02:21:44
Showing 1 changed files
... ...
@@ -132,16 +132,16 @@ extra_match=define("TITLE", "FTP Admin");
132 132
 
133 133
 [RoundCube-deprecated]
134 134
 url=http://roundcube.net
135
-safe=1.2.6
136
-vuln=https://github.com/roundcube/roundcubemail/releases/tag/1.2.6
135
+safe=1.3.3
136
+vuln=CVE-2017-16651
137 137
 file=index.php
138 138
 variable=RCMAIL_VERSION
139 139
 subdir=0
140 140
 
141 141
 [RoundCube]
142 142
 url=http://roundcube.net
143
-safe=1.2.6
144
-vuln=https://github.com/roundcube/roundcubemail/releases/tag/1.2.6
143
+safe=1.3.3
144
+vuln=CVE-2017-16651
145 145
 file=iniset.php
146 146
 variable=RCMAIL_VERSION
147 147
 subdir=2

fix regexp somewhat, this should be reviewed again

Hanno Böck authored on 17/11/2017 20:04:57
Showing 1 changed files
... ...
@@ -396,7 +396,7 @@ subdir=0
396 396
 [Gitlist]
397 397
 url=http://gitlist.org/
398 398
 file=footer.twig
399
-variable="Powered by"
399
+variable=Powered by
400 400
 safe=0.5.0
401 401
 latest=0.6.0
402 402
 vuln=CVE-2014-4511
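Review bot: variable=Powered by is a very generic anchor, and the [Gitlist] section has no extra_match tying footer.twig to Gitlist, so any template named footer.twig three directories down that contains "Powered by" is a candidate match. Add an extra_match on a Gitlist-specific string from the same file to narrow it; the commit message already flags the pattern as needing another review.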

add gitlist

Hanno Böck authored on 16/11/2017 19:49:37
Showing 1 changed files
... ...
@@ -392,3 +392,12 @@ safe=1.8.12
392 392
 latest=1.9.12
393 393
 vuln=https://github.com/osTicket/osTicket-1.8/releases/tag/v1.8.12
394 394
 subdir=0
395
+
396
+[Gitlist]
397
+url=http://gitlist.org/
398
+file=footer.twig
399
+variable="Powered by"
400
+safe=0.5.0
401
+latest=0.6.0
402
+vuln=CVE-2014-4511
403
+subdir=3
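Review bot: variable="Powered by" puts the double quotes inside the value. Elsewhere in this file quotes in a variable value are literal parts of the match (variable=define("VERSION"), and multi-word values are written unquoted (variable=const VERSION), so as written this only matches a footer in which the quoted string appears literally. Drop the quotes unless that is intended. The section also has no extra_match, which leaves file=footer.twig as the only product-specific condition.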

pma update

Hanno Böck authored on 24/09/2017 15:53:26
Showing 1 changed files
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-old]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.6.6
4
-vuln=https://www.phpmyadmin.net/security/PMASA-2017-7/
3
+safe=4.7.0
4
+vuln=https://www.phpmyadmin.net/security/PMASA-2017-8/
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.6.6
12
-vuln=https://www.phpmyadmin.net/security/PMASA-2017-7/
11
+safe=4.7.0
12
+vuln=https://www.phpmyadmin.net/security/PMASA-2017-8/
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1

roundcube update

Hanno Böck authored on 24/09/2017 15:50:47
Showing 1 changed files
... ...
@@ -132,18 +132,16 @@ extra_match=define("TITLE", "FTP Admin");
132 132
 
133 133
 [RoundCube-deprecated]
134 134
 url=http://roundcube.net
135
-safe=1.2.5
136
-old_safe=1.1.9
137
-vuln=CVE-2017-8114
135
+safe=1.2.6
136
+vuln=https://github.com/roundcube/roundcubemail/releases/tag/1.2.6
138 137
 file=index.php
139 138
 variable=RCMAIL_VERSION
140 139
 subdir=0
141 140
 
142 141
 [RoundCube]
143 142
 url=http://roundcube.net
144
-safe=1.2.5
145
-old_safe=1.1.9
146
-vuln=CVE-2017-8114
143
+safe=1.2.6
144
+vuln=https://github.com/roundcube/roundcubemail/releases/tag/1.2.6
147 145
 file=iniset.php
148 146
 variable=RCMAIL_VERSION
149 147
 subdir=2

mantis update

Hanno Böck authored on 23/09/2017 12:58:58
Showing 1 changed files
... ...
@@ -26,18 +26,18 @@ subdir=1
26 26
 # old mantis versions behave different
27 27
 [Mantis-deprecated]
28 28
 url=https://mantisbt.org/
29
-safe=2.3.1
30
-old_safe=2.2.4,1.3.10
31
-vuln=CVE-2017-7615
29
+safe=2.5.2
30
+old_safe=1.3.12
31
+vuln=CVE-2017-12061
32 32
 file=config_defaults_inc.php
33 33
 variable=$g_mantis_version
34 34
 subdir=0
35 35
 
36 36
 [Mantis]
37 37
 url=https://mantisbt.org/
38
-safe=2.3.1
39
-old_safe=2.2.4,1.3.10
40
-vuln=CVE-2017-7615
38
+safe=2.5.2
39
+old_safe=1.3.12
40
+vuln=CVE-2017-12061
41 41
 file=constant_inc.php
42 42
 variable=MANTIS_VERSION
43 43
 subdir=1

roundcube update

Hanno Böck authored on 20/05/2017 23:13:51
Showing 1 changed files
... ...
@@ -132,18 +132,18 @@ extra_match=define("TITLE", "FTP Admin");
132 132
 
133 133
 [RoundCube-deprecated]
134 134
 url=http://roundcube.net
135
-safe=1.2.4
136
-old_safe=1.1.8
137
-vuln=CVE-2017-6820
135
+safe=1.2.5
136
+old_safe=1.1.9
137
+vuln=CVE-2017-8114
138 138
 file=index.php
139 139
 variable=RCMAIL_VERSION
140 140
 subdir=0
141 141
 
142 142
 [RoundCube]
143 143
 url=http://roundcube.net
144
-safe=1.2.3
145
-old_safe=1.1.7
146
-vuln=https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
144
+safe=1.2.5
145
+old_safe=1.1.9
146
+vuln=CVE-2017-8114
147 147
 file=iniset.php
148 148
 variable=RCMAIL_VERSION
149 149
 subdir=2

mantis update

Hanno Böck authored on 17/04/2017 20:35:10
Showing 1 changed files
... ...
@@ -25,19 +25,19 @@ subdir=1
25 25
 
26 26
 # old mantis versions behave different
27 27
 [Mantis-deprecated]
28
-url=http://www.mantisbt.org/
29
-safe=2.3.0
30
-old_safe=2.2.3,1.3.9
31
-vuln=CVE-2017-7309
28
+url=https://mantisbt.org/
29
+safe=2.3.1
30
+old_safe=2.2.4,1.3.10
31
+vuln=CVE-2017-7615
32 32
 file=config_defaults_inc.php
33 33
 variable=$g_mantis_version
34 34
 subdir=0
35 35
 
36 36
 [Mantis]
37
-url=http://www.mantisbt.org/
38
-safe=2.3.0
39
-old_safe=2.2.3,1.3.9
40
-vuln=CVE-2017-7309
37
+url=https://mantisbt.org/
38
+safe=2.3.1
39
+old_safe=2.2.4,1.3.10
40
+vuln=CVE-2017-7615
41 41
 file=constant_inc.php
42 42
 variable=MANTIS_VERSION
43 43
 subdir=1

piwik xss

Hanno Böck authored on 12/04/2017 18:47:16
Showing 1 changed files
... ...
@@ -208,8 +208,8 @@ subdir=1
208 208
 
209 209
 [Piwik]
210 210
 url=http://piwik.org/
211
-safe=2.15.0
212
-vuln=CVE-2015-7816
211
+safe=3.0.3
212
+vuln=https://piwik.org/changelog/piwik-3-0-3/
213 213
 file=Version.php
214 214
 variable=const VERSION
215 215
 subdir=1

mantis update

Hanno Böck authored on 01/04/2017 10:19:49
Showing 1 changed files
... ...
@@ -26,16 +26,18 @@ subdir=1
26 26
 # old mantis versions behave different
27 27
 [Mantis-deprecated]
28 28
 url=http://www.mantisbt.org/
29
-safe=1.3.5
30
-vuln=CVE-2016-10033
29
+safe=2.3.0
30
+old_safe=2.2.3,1.3.9
31
+vuln=CVE-2017-7309
31 32
 file=config_defaults_inc.php
32 33
 variable=$g_mantis_version
33 34
 subdir=0
34 35
 
35 36
 [Mantis]
36 37
 url=http://www.mantisbt.org/
37
-safe=1.3.5
38
-vuln=CVE-2016-10033
38
+safe=2.3.0
39
+old_safe=2.2.3,1.3.9
40
+vuln=CVE-2017-7309
39 41
 file=constant_inc.php
40 42
 variable=MANTIS_VERSION
41 43
 subdir=1

moodle update

Hanno Böck authored on 20/03/2017 18:57:34
Showing 1 changed files
... ...
@@ -148,9 +148,9 @@ subdir=2
148 148
 
149 149
 [Moodle]
150 150
 url=http://www.moodle.org/
151
-safe=2.7.3
152
-old_safe=2.6.6,2.5.9
153
-vuln=CVE-2014-7830
151
+safe=3.2.2
152
+old_safe=3.1.5,3.0.9,2.7.19
153
+vuln=CVE-2017-2641
154 154
 file=version.php
155 155
 variable=$release
156 156
 subdir=0

better detection for old owncloud

Hanno Böck authored on 14/03/2017 14:18:03
Showing 1 changed files
... ...
@@ -352,6 +352,7 @@ url=http://owncloud.org/
352 352
 file=util.php
353 353
 variable=return '
354 354
 subdir=1
355
+extra_match=class OC_Util
355 356
 vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003
356 357
 safe=9.1.3
357 358
 old_safe=9.0.8,8.2.10,8.1.12

roundcube xss

Hanno Böck authored on 12/03/2017 20:34:40
Showing 1 changed files
... ...
@@ -130,9 +130,9 @@ extra_match=define("TITLE", "FTP Admin");
130 130
 
131 131
 [RoundCube-deprecated]
132 132
 url=http://roundcube.net
133
-safe=1.2.3
134
-old_safe=1.1.7
135
-vuln=https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
133
+safe=1.2.4
134
+old_safe=1.1.8
135
+vuln=CVE-2017-6820
136 136
 file=index.php
137 137
 variable=RCMAIL_VERSION
138 138
 subdir=0
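Review bot: Only [RoundCube-deprecated] (index.php, subdir=0) is bumped to safe=1.2.4 and CVE-2017-6820 here; the [RoundCube] section that matches iniset.php is not touched. The other RoundCube updates in this history change both sections together, and the 20/05/2017 commit shows [RoundCube] still at safe=1.2.3 with the older vuln link, so installs detected through iniset.php were not checked against this fix in the meantime. Apply the same three lines to [RoundCube].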

correct old_safe for nextcloud

Hanno Böck authored on 09/03/2017 23:21:11
Showing 1 changed files
... ...
@@ -333,7 +333,7 @@ file=version.php
333 333
 variable=$OC_VersionString
334 334
 vuln=https://nextcloud.com/security/advisory/?id=nc-sa-2017-001
335 335
 safe=10.0.2
336
-old_safe=9.0.55
336
+old_safe=9.0.57,9.0.56
337 337
 subdir=0
338 338
 extra_match=$vendor = 'nextcloud';
339 339
 

pma update

Hanno Böck authored on 16/02/2017 11:02:57
Showing 1 changed files
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-old]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.6.5
4
-vuln=https://www.phpmyadmin.net/security/PMASA-2016-71/
3
+safe=4.6.6
4
+vuln=https://www.phpmyadmin.net/security/PMASA-2017-7/
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.6.5
12
-vuln=https://www.phpmyadmin.net/security/PMASA-2016-71/
11
+safe=4.6.6
12
+vuln=https://www.phpmyadmin.net/security/PMASA-2017-7/
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1

add old_safe for owncloud

Hanno Böck authored on 13/02/2017 12:47:01
Showing 1 changed files
... ...
@@ -343,6 +343,7 @@ file=version.php
343 343
 variable=$OC_VersionString
344 344
 vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003
345 345
 safe=9.1.3
346
+old_safe=9.0.8,8.2.10,8.1.12
346 347
 subdir=0
347 348
 extra_nomatch=nextcloud
348 349
 
... ...
@@ -353,6 +354,7 @@ variable=return '
353 354
 subdir=1
354 355
 vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003
355 356
 safe=9.1.3
357
+old_safe=9.0.8,8.2.10,8.1.12
356 358
 
357 359
 [videodb]
358 360
 url=http://www.videodb.net/

nextcloud update

Hanno Böck authored on 08/02/2017 12:14:19
Showing 1 changed files
... ...
@@ -331,8 +331,9 @@ subdir=1
331 331
 url=https://nextcloud.com
332 332
 file=version.php
333 333
 variable=$OC_VersionString
334
-vuln=https://nextcloud.com/security/advisory/?id=nc-sa-2016-008
335
-safe=10.0.1
334
+vuln=https://nextcloud.com/security/advisory/?id=nc-sa-2017-001
335
+safe=10.0.2
336
+old_safe=9.0.55
336 337
 subdir=0
337 338
 extra_match=$vendor = 'nextcloud';
338 339
 

a bit better detection for own/nextcloud, still not working for some older nextcloud versions

Hanno Böck authored on 08/02/2017 00:01:21
Showing 1 changed files
... ...
@@ -343,13 +343,12 @@ variable=$OC_VersionString
343 343
 vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003
344 344
 safe=9.1.3
345 345
 subdir=0
346
-extra_match=$OC_Edition = '';
346
+extra_nomatch=nextcloud
347 347
 
348 348
 [owncloud5]
349 349
 url=http://owncloud.org/
350 350
 file=util.php
351 351
 variable=return '
352
-extra_match=OC_Util
353 352
 subdir=1
354 353
 vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003
355 354
 safe=9.1.3
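Review bot: Removing extra_match=OC_Util from [owncloud5] leaves that section keyed only on file=util.php and variable=return ', neither of which is specific to ownCloud, so an unrelated util.php one directory down that contains return ' can be picked up as an old ownCloud. Keep a disambiguating extra_match, tightened if the old one was too loose, rather than dropping it. In the section above, extra_nomatch=nextcloud is a bare substring test; a comment noting that it relies on ownCloud's version.php never containing that word would help the next reader.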

OwnCloud SA-2017-003

Bernd Wurst authored on 07/02/2017 13:44:21
Showing 1 changed files
... ...
@@ -340,7 +340,7 @@ extra_match=$vendor = 'nextcloud';
340 340
 url=http://owncloud.org/
341 341
 file=version.php
342 342
 variable=$OC_VersionString
343
-vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-001
343
+vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003
344 344
 safe=9.1.3
345 345
 subdir=0
346 346
 extra_match=$OC_Edition = '';
... ...
@@ -351,8 +351,8 @@ file=util.php
351 351
 variable=return '
352 352
 extra_match=OC_Util
353 353
 subdir=1
354
-vuln=https://owncloud.org/security/advisory/?id=oc-sa-2016-018
355
-safe=9.1.1
354
+vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003
355
+safe=9.1.3
356 356
 
357 357
 [videodb]
358 358
 url=http://www.videodb.net/

owncloud update

Hanno Böck authored on 07/02/2017 13:28:18
Showing 1 changed files
... ...
@@ -340,8 +340,8 @@ extra_match=$vendor = 'nextcloud';
340 340
 url=http://owncloud.org/
341 341
 file=version.php
342 342
 variable=$OC_VersionString
343
-vuln=https://owncloud.org/security/advisory/?id=oc-sa-2016-018
344
-safe=9.1.1
343
+vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-001
344
+safe=9.1.3
345 345
 subdir=0
346 346
 extra_match=$OC_Edition = '';
347 347
 

remove phpmailer, causes too many false positive warnings

Hanno Böck authored on 02/02/2017 00:23:29
Showing 1 changed files
... ...
@@ -389,11 +389,3 @@ safe=1.8.12
389 389
 latest=1.9.12
390 390
 vuln=https://github.com/osTicket/osTicket-1.8/releases/tag/v1.8.12
391 391
 subdir=0
392
-
393
-[phpmailer]
394
-url=https://github.com/PHPMailer/PHPMailer
395
-safe=5.2.18
396
-vuln=CVE-2016-10033
397
-file=class.phpmailer.php
398
-variable=public $Version
399
-subdir=0

phplist update with new detection and phpmailer vuln

Hanno Böck authored on 12/01/2017 11:23:40
Showing 1 changed files
... ...
@@ -188,14 +188,22 @@ file=MyID.php
188 188
 variable=@version
189 189
 subdir=0
190 190
 
191
-[phplist]
191
+[phplist-old]
192 192
 url=http://www.phplist.com/
193
-safe=3.0.6
194
-vuln=CVE-2014-2916
193
+safe=3.2.7
194
+vuln=CVE-2016-10045
195 195
 file=connect.php
196 196
 variable=define("VERSION"
197 197
 subdir=1
198 198
 
199
+[phplist]
200
+url=http://www.phplist.com/
201
+safe=3.2.7
202
+vuln=CVE-2016-10045
203
+file=init.php
204
+variable=define("VERSION"
205
+subdir=1
206
+
199 207
 [Piwik]
200 208
 url=http://piwik.org/
201 209
 safe=2.15.0

mantis phpmailer vuln

Hanno Böck authored on 01/01/2017 10:24:33
Showing 1 changed files
... ...
@@ -26,17 +26,16 @@ subdir=1
26 26
 # old mantis versions behave different
27 27
 [Mantis-deprecated]
28 28
 url=http://www.mantisbt.org/
29
-safe=1.3.1
30
-old_safe=1.2.20
31
-vuln=CVE-2016-5364
29
+safe=1.3.5
30
+vuln=CVE-2016-10033
32 31
 file=config_defaults_inc.php
33 32
 variable=$g_mantis_version
34 33
 subdir=0
35 34
 
36 35
 [Mantis]
37 36
 url=http://www.mantisbt.org/
38
-safe=1.2.19
39
-vuln=CVE-2014-9571
37
+safe=1.3.5
38
+vuln=CVE-2016-10033
40 39
 file=constant_inc.php
41 40
 variable=MANTIS_VERSION
42 41
 subdir=1

phpmailer rce

Hanno Böck authored on 26/12/2016 09:57:20
Showing 1 changed files
... ...
@@ -382,3 +382,11 @@ safe=1.8.12
382 382
 latest=1.9.12
383 383
 vuln=https://github.com/osTicket/osTicket-1.8/releases/tag/v1.8.12
384 384
 subdir=0
385
+
386
+[phpmailer]
387
+url=https://github.com/PHPMailer/PHPMailer
388
+safe=5.2.18
389
+vuln=CVE-2016-10033
390
+file=class.phpmailer.php
391
+variable=public $Version
392
+subdir=0
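Review bot: file=class.phpmailer.php with subdir=0 and no extra_match matches every copy of PHPMailer on disk, including copies bundled inside other applications. Such an application can then be reported here and again under its own section, and the operator cannot update the bundled copy independently of the application. Restrict the match, or add a comment stating that hits inside other applications' trees are expected and how they should be read.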

roundcube rce

Hanno Böck authored on 08/12/2016 10:56:51
Showing 1 changed files
... ...
@@ -131,18 +131,18 @@ extra_match=define("TITLE", "FTP Admin");
131 131
 
132 132
 [RoundCube-deprecated]
133 133
 url=http://roundcube.net
134
-safe=1.1.4
135
-old_safe=1.0.8
136
-vuln=https://www.htbridge.com/advisory/HTB23283
134
+safe=1.2.3
135
+old_safe=1.1.7
136
+vuln=https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
137 137
 file=index.php
138 138
 variable=RCMAIL_VERSION
139 139
 subdir=0
140 140
 
141 141
 [RoundCube]
142 142
 url=http://roundcube.net
143
-safe=1.1.2
144
-old_safe=1.0.6
145
-vuln=https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/
143
+safe=1.2.3
144
+old_safe=1.1.7
145
+vuln=https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
146 146
 file=iniset.php
147 147
 variable=RCMAIL_VERSION
148 148
 subdir=2

pma update

Hanno Böck authored on 25/11/2016 18:34:23
Showing 1 changed files
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-old]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.6.4
4
-vuln=CVE-2016-6631
3
+safe=4.6.5
4
+vuln=https://www.phpmyadmin.net/security/PMASA-2016-71/
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.6.4
12
-vuln=CVE-2016-6631
11
+safe=4.6.5
12
+vuln=https://www.phpmyadmin.net/security/PMASA-2016-71/
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1
Browse code

nextcloud detection, but is still detected as oc

Hanno Böck authored on 18/11/2016 14:04:18
Showing 1 changed file
... ...
@@ -320,6 +320,15 @@ safe=1.2.7
320 320
 vuln=CVE-2013-1422
321 321
 subdir=1
322 322
 
323
+[nextcloud]
324
+url=https://nextcloud.com
325
+file=version.php
326
+variable=$OC_VersionString
327
+vuln=https://nextcloud.com/security/advisory/?id=nc-sa-2016-008
328
+safe=10.0.1
329
+subdir=0
330
+extra_match=$vendor = 'nextcloud';
331
+
323 332
 [owncloud]
324 333
 url=http://owncloud.org/
325 334
 file=version.php
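Review bot: the commit message itself says Nextcloud is still detected as ownCloud, so the new section is not yet doing its job. [nextcloud] and [owncloud] both use `file=version.php` and `variable=$OC_VersionString`, which means the result depends entirely on the two extra_match strings being mutually exclusive; please verify `extra_match=$vendor = 'nextcloud';` against a real Nextcloud version.php (exact spacing and quote style) and record in a comment which release it was checked against. The section also has no old_safe, so any install below 10.0.1 is flagged regardless of branch.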
... ...
@@ -327,7 +336,7 @@ variable=$OC_VersionString
327 336
 vuln=https://owncloud.org/security/advisory/?id=oc-sa-2016-018
328 337
 safe=9.1.1
329 338
 subdir=0
330
-
339
+extra_match=$OC_Edition = '';
331 340
 
332 341
 [owncloud5]
333 342
 url=http://owncloud.org/
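Review bot: `extra_match=$OC_Edition = '';` only matches when the edition string is empty, so an ownCloud install whose version.php sets a non-empty $OC_Edition would stop being detected by [owncloud] at all, which is a silent false negative. Please also check whether Nextcloud's version.php contains this same line, since that would explain the commit message's remark that Nextcloud is still detected as oc. The hunk replaces one of the two blank separator lines with the new key, which is harmless but worth doing deliberately.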
Browse code

revoking changes for piwik detection; caused many false positives

Bernd Wurst authored on 17/11/2016 06:44:51
Showing 1 changed file
... ...
@@ -204,7 +204,7 @@ vuln=CVE-2015-7816
204 204
 file=Version.php
205 205
 variable=const VERSION
206 206
 subdir=1
207
-#extra_match=@link http://piwik.org
207
+extra_match=@link http://piwik.org
208 208
 
209 209
 [phpWishlist]
210 210
 url=http://phpwishlist.sourceforge.net/
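Review bot: the restored `extra_match=@link http://piwik.org` has no comment explaining why it is required, which is how it came to be disabled in the first place. Add a comment line above it stating that `file=Version.php` with `variable=const VERSION` is too generic on its own and produced many false positives, so the line is not commented out again.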
Browse code

owncloud update

Hanno Böck authored on 15/11/2016 17:28:47
Showing 1 changed file
... ...
@@ -204,7 +204,7 @@ vuln=CVE-2015-7816
204 204
 file=Version.php
205 205
 variable=const VERSION
206 206
 subdir=1
207
-extra_match=@link http://piwik.org
207
+#extra_match=@link http://piwik.org
208 208
 
209 209
 [phpWishlist]
210 210
 url=http://phpwishlist.sourceforge.net/
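Review bot: this hunk comments out the Piwik extra_match in a commit titled "owncloud update"; it is unrelated to the ownCloud change and should be a separate commit with its own rationale. Without `extra_match=@link http://piwik.org` the section matches any Version.php containing `const VERSION`, a pattern generic enough to hit other software.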
... ...
@@ -324,9 +324,8 @@ subdir=1
324 324
 url=http://owncloud.org/
325 325
 file=version.php
326 326
 variable=$OC_VersionString
327
-vuln=CVE-2016-1498
328
-safe=8.2.2
329
-old_safe=8.1.6,8.1.5,8.0.11,8.0.10,7.0.13,7.0.12
327
+vuln=https://owncloud.org/security/advisory/?id=oc-sa-2016-018
328
+safe=9.1.1
330 329
 subdir=0
331 330
 
332 331
 
... ...
@@ -336,9 +335,8 @@ file=util.php
336 335
 variable=return '
337 336
 extra_match=OC_Util
338 337
 subdir=1
339
-vuln=CVE-2016-1498
340
-safe=8.2.2
341
-old_safe=8.1.5,8.0.10,7.0.12
338
+vuln=https://owncloud.org/security/advisory/?id=oc-sa-2016-018
339
+safe=9.1.1
342 340
 
343 341
 [videodb]
344 342
 url=http://www.videodb.net/
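Review bot: old_safe is deleted here (and in the [owncloud] section in the previous hunk) rather than updated, so every install below 9.1.1 is reported, including any older branch that received a fixed point release for this advisory. If older branches have fixed releases, list them in old_safe as before; if they do not, note in the commit message that the 8.x and 7.x entries were dropped on purpose.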
Browse code

mantis update

Hanno Böck authored on 01/09/2016 08:44:52
Showing 1 changed file
... ...
@@ -26,8 +26,9 @@ subdir=1
26 26
 # old mantis versions behave different
27 27
 [Mantis-deprecated]
28 28
 url=http://www.mantisbt.org/
29
-safe=1.2.19
30
-vuln=CVE-2014-9571
29
+safe=1.3.1
30
+old_safe=1.2.20
31
+vuln=CVE-2016-5364
31 32
 file=config_defaults_inc.php
32 33
 variable=$g_mantis_version
33 34
 subdir=0
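Review bot: only [Mantis-deprecated] is updated; the hunk stops before the [Mantis] section (constant_inc.php / MANTIS_VERSION), which keeps the older threshold, as the removed lines of the 01/01/2017 commit confirm (`-safe=1.2.19`, `-vuln=CVE-2014-9571`). Both sections describe the same product and should move together, otherwise installs detected through constant_inc.php are judged against a stale safe version.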
Browse code

pma update

Hanno Böck authored on 20/08/2016 12:46:03
Showing 1 changed file
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-old]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.6.3
4
-vuln=CVE-2016-5703
3
+safe=4.6.4
4
+vuln=CVE-2016-6631
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.6.3
12
-vuln=CVE-2016-5703
11
+safe=4.6.4
12
+vuln=CVE-2016-6631
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1
Browse code

pma update

Hanno Böck authored on 23/06/2016 23:30:12
Showing 1 changed file
... ...
@@ -1,15 +1,15 @@
1 1
 [phpMyAdmin-old]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.5.5.1
4
-vuln=CVE-2016-2561
3
+safe=4.6.3
4
+vuln=CVE-2016-5703
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9 9
 [phpMyAdmin]
10 10
 url=http://www.phpmyadmin.net/
11
-safe=4.5.5.1
12
-vuln=CVE-2016-2561
11
+safe=4.6.3
12
+vuln=CVE-2016-5703
13 13
 file=Config.php
14 14
 variable=PMA_VERSION
15 15
 subdir=1
Browse code

new pma versions need different detection

Hanno Böck authored on 31/03/2016 20:06:02
Showing 1 changed file
... ...
@@ -1,4 +1,4 @@
1
-[phpMyAdmin]
1
+[phpMyAdmin-old]
2 2
 url=http://www.phpmyadmin.net/
3 3
 safe=4.5.5.1
4 4
 vuln=CVE-2016-2561
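Review bot: renaming the existing section to [phpMyAdmin-old] changes the name under which installs detected via Config.class.php are reported, so anything downstream that filters or groups on the section name "phpMyAdmin" will silently stop seeing them. Mention the rename in the commit message, and consider a comment in the file stating which version range each of the two sections covers, since both carry identical safe and vuln values that now have to be updated in lockstep.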
... ...
@@ -6,6 +6,14 @@ file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
8 8
 
9
+[phpMyAdmin]
10
+url=http://www.phpmyadmin.net/
11
+safe=4.5.5.1
12
+vuln=CVE-2016-2561
13
+file=Config.php
14
+variable=PMA_VERSION
15
+subdir=1
16
+
9 17
 [SquirrelMail]
10 18
 url=http://www.squirrelmail.org/
11 19
 safe=1.4.22
Browse code

pma update

Hanno Böck authored on 31/03/2016 14:24:35
Showing 1 changed file
... ...
@@ -1,7 +1,7 @@
1 1
 [phpMyAdmin]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.5.4
4
-vuln=CVE-2016-2045
3
+safe=4.5.5.1
4
+vuln=CVE-2016-2561
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
Browse code

owncloud add old versions

Hanno Böck authored on 10/03/2016 18:53:29
Showing 1 changed file
... ...
@@ -317,7 +317,7 @@ file=version.php
317 317
 variable=$OC_VersionString
318 318
 vuln=CVE-2016-1498
319 319
 safe=8.2.2
320
-old_safe=8.1.5,8.0.10,7.0.12
320
+old_safe=8.1.6,8.1.5,8.0.11,8.0.10,7.0.13,7.0.12
321 321
 subdir=0
322 322
 
323 323
 
Browse code

update limesurvey

Hanno Böck authored on 07/03/2016 12:30:48
Showing 1 changed file
... ...
@@ -280,8 +280,8 @@ url=http://www.limesurvey.org/
280 280
 file=common.php
281 281
 variable=$versionnumber
282 282
 extra_match=LimeSurvey
283
-safe=2.05
284
-vuln=http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5161.php
283
+safe=2.07
284
+vuln=CVE-2015-5078
285 285
 subdir=0
286 286
 
287 287
 [limesurvey19]
... ...
@@ -289,8 +289,8 @@ url=http://www.limesurvey.org/
289 289
 file=version.php
290 290
 variable=$versionnumber
291 291
 extra_match=$dbversionnumber
292
-safe=2.05
293
-vuln=http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5161.php
292
+safe=2.07
293
+vuln=CVE-2015-5078
294 294
 subdir=0
295 295
 
296 296
 [limesurvey]
... ...
@@ -298,8 +298,8 @@ url=http://www.limesurvey.org/
298 298
 file=version.php
299 299
 variable=$config['versionnumber']
300 300
 extra_match=LimeSurvey
301
-safe=2.05
302
-vuln=http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5161.php
301
+safe=2.07
302
+vuln=CVE-2015-5078
303 303
 subdir=2
304 304
 
305 305
 [webcalendar]
Browse code

pma update

Hanno Böck authored on 30/01/2016 11:52:10
Showing 1 changed file
... ...
@@ -1,7 +1,7 @@
1 1
 [phpMyAdmin]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.4.6.1
4
-vuln=CVE-2015-3902
3
+safe=4.5.4
4
+vuln=CVE-2016-2045
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
Browse code

piwik update

Hanno Böck authored on 21/01/2016 21:21:13
Showing 1 changed file
... ...
@@ -190,8 +190,8 @@ subdir=1
190 190
 
191 191
 [Piwik]
192 192
 url=http://piwik.org/
193
-safe=2.6.0
194
-vuln=https://community.qualys.com/blogs/securitylabs/2014/09/11/xss-vulnerability-shows-how-security-issues-can-creep-into-popular-software
193
+safe=2.15.0
194
+vuln=CVE-2015-7816
195 195
 file=Version.php
196 196
 variable=const VERSION
197 197
 subdir=1
Browse code

owncloud update

Hanno Böck authored on 17/01/2016 12:05:54
Showing 1 changed file
... ...
@@ -311,25 +311,25 @@ safe=1.2.7
311 311
 vuln=CVE-2013-1422
312 312
 subdir=1
313 313
 
314
-[owncloud6]
314
+[owncloud]
315 315
 url=http://owncloud.org/
316 316
 file=version.php
317 317
 variable=$OC_VersionString
318
-vuln=CVE-2014-9047
319
-safe=7.0.3
320
-old_safe=6.0.6
318
+vuln=CVE-2016-1498
319
+safe=8.2.2
320
+old_safe=8.1.5,8.0.10,7.0.12
321 321
 subdir=0
322 322
 
323 323
 
324
-[owncloud]
324
+[owncloud5]
325 325
 url=http://owncloud.org/
326 326
 file=util.php
327 327
 variable=return '
328 328
 extra_match=OC_Util
329 329
 subdir=1
330
-vuln=CVE-2014-9047
331
-safe=7.0.3
332
-old_safe=6.0.6
330
+vuln=CVE-2016-1498
331
+safe=8.2.2
332
+old_safe=8.1.5,8.0.10,7.0.12
333 333
 
334 334
 [videodb]
335 335
 url=http://www.videodb.net/
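Review bot: the section names are shuffled so that [owncloud] now means the version.php rule (formerly [owncloud6]) and the util.php rule becomes [owncloud5]; the same name therefore refers to a different detection rule before and after this commit, which breaks comparison of scan results across the update. A comment above each section saying which file layout or version range it targets would help, and `old_safe=8.1.5,8.0.10,7.0.12` on [owncloud5] deserves a second look, since a rule named for version 5 is given accepted versions from the 7.x and 8.x branches.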
Browse code

roundcube update

Hanno Böck authored on 03/01/2016 12:36:31
Showing 1 changed file
... ...
@@ -122,9 +122,9 @@ extra_match=define("TITLE", "FTP Admin");
122 122
 
123 123
 [RoundCube-deprecated]
124 124
 url=http://roundcube.net
125
-safe=1.1.2
126
-old_safe=1.0.6
127
-vuln=https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/
125
+safe=1.1.4
126
+old_safe=1.0.8
127
+vuln=https://www.htbridge.com/advisory/HTB23283
128 128
 file=index.php
129 129
 variable=RCMAIL_VERSION
130 130
 subdir=0
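Review bot: only [RoundCube-deprecated] is touched; the [RoundCube] section (iniset.php) lies outside the hunk and stays at the previous thresholds, as the removed lines of the 08/12/2016 commit confirm (`-safe=1.1.2`, `-old_safe=1.0.6`). The two sections describe the same product and need the same values, otherwise the verdict depends on which file the install was detected through.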
Browse code

osticket added

Hanno Böck authored on 14/11/2015 18:53:10
Showing 1 changed file
... ...
@@ -357,3 +357,12 @@ extra_match=Revive Adserver
357 357
 safe=3.0.5
358 358
 vuln=CVE-2013-5954
359 359
 subdir=0
360
+
361
+[osTicket]
362
+url=http://osticket.com/
363
+file=bootstrap.php
364
+variable=define('THIS_VERSION',
365
+safe=1.8.12
366
+latest=1.9.12
367
+vuln=https://github.com/osTicket/osTicket-1.8/releases/tag/v1.8.12
368
+subdir=0
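Review bot: `safe=1.8.12` together with `latest=1.9.12` uses the keys differently from the other sections shown here, where safe is the newest fixed release and old_safe lists fixed releases on older branches. If safe is compared as a minimum, a 1.9.x install below the fixed 1.9 release passes because it is above 1.8.12; if 1.9.12 is the fixed release on the newer branch, `safe=1.9.12` with `old_safe=1.8.12` would express that. The vuln URL also points at a release tag rather than an advisory, so a reader cannot tell which issue is meant.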
Browse code

roundcube 1.1.2/1.0.6 security fixes

Hanno Böck authored on 06/07/2015 14:38:49
Showing 1 changed file
... ...
@@ -122,16 +122,18 @@ extra_match=define("TITLE", "FTP Admin");
122 122
 
123 123
 [RoundCube-deprecated]
124 124
 url=http://roundcube.net
125
-safe=1.0.5
126
-vuln=CVE-2015-1433
125
+safe=1.1.2
126
+old_safe=1.0.6
127
+vuln=https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/
127 128
 file=index.php
128 129
 variable=RCMAIL_VERSION
129 130
 subdir=0
130 131
 
131 132
 [RoundCube]
132 133
 url=http://roundcube.net
133
-safe=1.0.5
134
-vuln=CVE-2015-1433
134
+safe=1.1.2
135
+old_safe=1.0.6
136
+vuln=https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/
135 137
 file=iniset.php
136 138
 variable=RCMAIL_VERSION
137 139
 subdir=2
Browse code

phpmyadmin update

Hanno Böck authored on 17/05/2015 18:46:31
Showing 1 changed file
... ...
@@ -1,7 +1,7 @@
1 1
 [phpMyAdmin]
2 2
 url=http://www.phpmyadmin.net/
3
-safe=4.2.13.1
4
-vuln=CVE-2014-9219
3
+safe=4.4.6.1
4
+vuln=CVE-2015-3902
5 5
 file=Config.class.php
6 6
 variable=PMA_VERSION
7 7
 subdir=1
Browse code

mantis update

Hanno Böck authored on 09/05/2015 09:34:45
Showing 1 changed file
... ...
@@ -18,16 +18,16 @@ subdir=1
18 18
 # old mantis versions behave different
19 19
 [Mantis-deprecated]
20 20
 url=http://www.mantisbt.org/
21
-safe=1.2.18
22
-vuln=CVE-2014-8554
21
+safe=1.2.19
22
+vuln=CVE-2014-9571
23 23
 file=config_defaults_inc.php
24 24
 variable=$g_mantis_version
25 25
 subdir=0
26 26
 
27 27
 [Mantis]
28 28
 url=http://www.mantisbt.org/
29
-safe=1.2.18
30
-vuln=CVE-2014-8554
29
+safe=1.2.19
30
+vuln=CVE-2014-9571
31 31
 file=constant_inc.php
32 32
 variable=MANTIS_VERSION