[phpMyAdmin-old] url=http://www.phpmyadmin.net/ safe=4.6.6 vuln=https://www.phpmyadmin.net/security/PMASA-2017-7/ file=Config.class.php variable=PMA_VERSION subdir=1 [phpMyAdmin] url=http://www.phpmyadmin.net/ safe=4.6.6 vuln=https://www.phpmyadmin.net/security/PMASA-2017-7/ file=Config.php variable=PMA_VERSION subdir=1 [SquirrelMail] url=http://www.squirrelmail.org/ safe=1.4.22 vuln=CVE-2010-4554 file=strings.php variable=$version extra_match=SquirrelMail version number subdir=1 # old mantis versions behave different [Mantis-deprecated] url=https://mantisbt.org/ safe=2.5.2 old_safe=1.3.12 vuln=CVE-2017-12061 file=config_defaults_inc.php variable=$g_mantis_version subdir=0 [Mantis] url=https://mantisbt.org/ safe=2.5.2 old_safe=1.3.12 vuln=CVE-2017-12061 file=constant_inc.php variable=MANTIS_VERSION subdir=1 [Bugzilla3] url=http://www.bugzilla.org/ safe=4.4.7 old_safe=4.2.12,4.0.16 vuln=CVE-2011-2379 file=Constants.pm variable=BUGZILLA_VERSION subdir=1 [Bugzilla2] url=http://www.bugzilla.org/ safe=4.4.7 old_safe=4.2.12,4.0.16 vuln=CVE-2011-2379 file=Config.pm variable=$Bugzilla::Config::VERSION subdir=1 [SimpNews] url=http://www.boesch-it.de safe=2.48 vuln=CVE-2010-2858 file=global.inc.php variable=$version subdir=1 extra_match=$path_simpnews [calendarix] url=http://www.calendarix.com/ safe= vuln=CVE-2007-3183 file=cal_config.inc.php variable=$version subdir=0 [myEvent] url=http://mywebland.com/ safe= vuln=CVE-2007-0690 file=config.php variable=$version extra_match=$eventbgcolor subdir=0 [php-stats] url=http://php-stats.com/ safe= vuln=CVE-2007-5453 file=update.php variable=$version extra_match=http://php-stats.com/ subdir=0 [Ampache] url=http://ampache.org/ safe=3.5.3 vuln=http://ampache.org/2009/12/20/3-5-3-security-release/ file=init.php variable=$results['version'] subdir=1 extra_match=$ampache_path [SiteBar] url=http://sitebar.org/ safe=3.3.9 vuln=CVE-2007-5492 file=database.inc.php variable=SB_CURRENT_RELEASE subdir=1 [phpPgAdmin] url=http://phppgadmin.sourceforge.net/ safe=5.0.4 vuln=CVE-2012-1600 file=lib.inc.php variable=$appVersion subdir=1 extra_match=phpPgAdmin [FTP Admin] url=http://ftpadmin.sourceforge.net/ safe= vuln=CVE-2007-6234 file=session_start.php variable=VERSION subdir=0 extra_match=define("TITLE", "FTP Admin"); [RoundCube-deprecated] url=http://roundcube.net safe=1.2.6 vuln=https://github.com/roundcube/roundcubemail/releases/tag/1.2.6 file=index.php variable=RCMAIL_VERSION subdir=0 [RoundCube] url=http://roundcube.net safe=1.2.6 vuln=https://github.com/roundcube/roundcubemail/releases/tag/1.2.6 file=iniset.php variable=RCMAIL_VERSION subdir=2 [Moodle] url=http://www.moodle.org/ safe=3.2.2 old_safe=3.1.5,3.0.9,2.7.19 vuln=CVE-2017-2641 file=version.php variable=$release subdir=0 extra_match=MOODLE VERSION INFORMATION [cacti] url=http://www.cacti.net/ safe=0.8.7 vuln=CVE-2007-6035 file=global.php variable=$config["cacti_version"] subdir=1 [gnopaste] url=http://gnopaste.sf.net/ safe=0.5.4 vuln=CVE-2006-2834 file=install.php variable=$_SESSION['page_title'] = 'gnopaste subdir=0 [Flyspray] url=http://www.flyspray.org/ safe=0.9.9.7 vuln=CVE-2012-1058 file=class.flyspray.php variable=var $version subdir=1 [phpMyID] url=http://siege.org/projects/phpMyID safe= vuln=CVE-2008-4730 file=MyID.php variable=@version subdir=0 [phplist-old] url=http://www.phplist.com/ safe=3.2.7 vuln=CVE-2016-10045 file=connect.php variable=define("VERSION" subdir=1 [phplist] url=http://www.phplist.com/ safe=3.2.7 vuln=CVE-2016-10045 file=init.php variable=define("VERSION" subdir=1 [Piwik] url=http://piwik.org/ safe=3.0.3 vuln=https://piwik.org/changelog/piwik-3-0-3/ file=Version.php variable=const VERSION subdir=1 extra_match=@link http://piwik.org [phpWishlist] url=http://phpwishlist.sourceforge.net/ safe=0.1.15 vuln=CVE-2005-2203 file=header.inc.php variable=$version subdir=1 extra_match=* Wishlist - [awstats] url=http://awstats.sourceforge.net/ safe=7.1 vuln=CVE-2012-4547 file=awstats.pl variable=$VERSION = subdir=0 [phpMyFAQ] url=http://www.phpmyfaq.de/ safe=2.5.5 vuln=http://www.phpmyfaq.de/advisory_2009-12-01.php file=phpmyfaq.spec variable=version subdir=1 [Horde-webmail] url=http://www.horde.org/ file=bundle.php variable=BUNDLE_VERSION extra_match='Horde Groupware Webmail Edition' safe=1.2.7 vuln=http://secunia.com/advisories/39860 subdir=1 [ResourceSpace] url=http://www.resourcespace.org/ file=version.php variable=$productname='ResourceSpace';$productversion safe=4.2.2833 latest=4.3.2912 vuln=CVE-2011-4311 subdir=1 [apc.php] url=http://pecl.php.net/package/APC file=apc.php # this does not contain it's "real" version number, using the CVS id # instead - there's been an XSS pre 3.1.4. variable=$VERSION='$Id: apc.php safe=301867 vuln=CVE-2010-3294 subdir=0 [webtrees] url=http://webtrees.net/ file=session.php variable=define('WT_VERSION' safe=1.2.4 latest=1.2.4 vuln=http://webtrees.net/en/forums/2-open-discussion/16423-webtrees-124 subdir=1 [PhpGedView] url=http://phpgedview.sourceforge.net/ file=session.php variable=define('PGV_VERSION' safe= vuln=2011-0405 subdir=1 [status.net] url=http://status.net file=common.php variable=define('STATUSNET_BASE_VERSION' safe=0.9.9 vuln=CVE-2011-3370 subdir=1 [limesurvey18] url=http://www.limesurvey.org/ file=common.php variable=$versionnumber extra_match=LimeSurvey safe=2.07 vuln=CVE-2015-5078 subdir=0 [limesurvey19] url=http://www.limesurvey.org/ file=version.php variable=$versionnumber extra_match=$dbversionnumber safe=2.07 vuln=CVE-2015-5078 subdir=0 [limesurvey] url=http://www.limesurvey.org/ file=version.php variable=$config['versionnumber'] extra_match=LimeSurvey safe=2.07 vuln=CVE-2015-5078 subdir=2 [webcalendar] url=http://www.k5n.us/webcalendar.php file=config.php variable=$PROGRAM_VERSION extra_match=@package WebCalendar safe=1.2.7 vuln=CVE-2013-1422 subdir=1 [nextcloud] url=https://nextcloud.com file=version.php variable=$OC_VersionString vuln=https://nextcloud.com/security/advisory/?id=nc-sa-2017-001 safe=10.0.2 old_safe=9.0.57,9.0.56 subdir=0 extra_match=$vendor = 'nextcloud'; [owncloud] url=http://owncloud.org/ file=version.php variable=$OC_VersionString vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003 safe=9.1.3 old_safe=9.0.8,8.2.10,8.1.12 subdir=0 extra_nomatch=nextcloud [owncloud5] url=http://owncloud.org/ file=util.php variable=return ' subdir=1 extra_match=class OC_Util vuln=https://owncloud.org/security/advisory/?id=oc-sa-2017-003 safe=9.1.3 old_safe=9.0.8,8.2.10,8.1.12 [videodb] url=http://www.videodb.net/ file=constants.php variable=('VERSION', extra_match=TBL_ safe=4.0 vuln=http://www.exploit-db.com/exploits/17660/ subdir=1 [OpenX] url=http://www.openx.com/ file=constants.php variable=OA_VERSION extra_match=OpenX safe= vuln=http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/ subdir=0 [revive] url=http://www.revive-adserver.com/ file=constants.php variable=VERSION extra_match=Revive Adserver safe=3.0.5 vuln=CVE-2013-5954 subdir=0 [osTicket] url=http://osticket.com/ file=bootstrap.php variable=define('THIS_VERSION', safe=1.8.12 latest=1.9.12 vuln=https://github.com/osTicket/osTicket-1.8/releases/tag/v1.8.12 subdir=0