[phpMyAdmin] url=http://www.phpmyadmin.net/ safe=3.4.3.1 old_safe=3.3.10.2 vuln=CVE-2010-4481 file=Config.class.php variable=PMA_VERSION subdir=1 [SquirrelMail] url=http://www.squirrelmail.org/ safe=1.4.21 vuln=CVE-2010-1637 file=strings.php variable=$version extra_match=SquirrelMail version number subdir=1 # old mantis versions behave different [Mantis-deprecated] url=http://www.mantisbt.org/ safe=1.2.4 vuln=CVE-2010-4348 file=config_defaults_inc.php variable=$g_mantis_version subdir=0 [Mantis] url=http://www.mantisbt.org/ safe=1.2.4 vuln=CVE-2010-4348 file=constant_inc.php variable=MANTIS_VERSION subdir=1 [Bugzilla3] url=http://www.bugzilla.org/ safe=3.6.3 old_safe=3.4.9,3.2.9 vuln=CVE-2010-3172 file=Constants.pm variable=BUGZILLA_VERSION subdir=1 [Bugzilla2] url=http://www.bugzilla.org/ safe=3.6.3 old_safe=3.4.9,3.2.9 vuln=CVE-2010-3172 file=Config.pm variable=$Bugzilla::Config::VERSION subdir=1 [SimpNews] url=http://www.boesch-it.de safe=2.42.01 vuln=CVE-2007-4872 file=global.inc.php variable=$version subdir=1 extra_match=$path_simpnews [calendarix] url=http://www.calendarix.com/ safe= vuln=CVE-2007-3183 file=cal_config.inc.php variable=$version subdir=0 [myEvent] url=http://mywebland.com/ safe= vuln=CVE-2007-0690 file=config.php variable=$version extra_match=$eventbgcolor subdir=0 [php-stats] url=http://php-stats.com/ safe= vuln=CVE-2007-5453 file=update.php variable=$version extra_match=http://php-stats.com/ subdir=0 [Ampache] url=http://ampache.org/ safe=3.3.3.5 vuln=CVE-2007-4437 file=init.php variable=$results['version'] subdir=1 extra_match=$ampache_path [SiteBar] url=http://sitebar.org/ safe=3.3.9 vuln=CVE-2007-5492 file=database.inc.php variable=SB_CURRENT_RELEASE subdir=1 [phpPgAdmin] url=http://phppgadmin.sourceforge.net/ safe=4.2.2 vuln=CVE-2008-5587 file=lib.inc.php variable=$appVersion subdir=1 extra_match=phpPgAdmin [FTP Admin] url=http://ftpadmin.sourceforge.net/ safe= vuln=CVE-2007-6234 file=session_start.php variable=VERSION subdir=0 extra_match=define("TITLE", "FTP Admin"); [RoundCube-deprecated] url=http://roundcube.net safe=0.5.1 vuln=CVE-2011-1491 file=index.php variable=RCMAIL_VERSION subdir=0 [RoundCube] url=http://roundcube.net safe=0.5.1 vuln=CVE-2011-1491 file=iniset.php variable=RCMAIL_VERSION subdir=2 [Moodle] url=http://www.moodle.org/ safe=1.9.10 vuln=CVE-2010-3866 file=version.php variable=$release subdir=0 extra_match=MOODLE VERSION INFORMATION [cacti] url=http://www.cacti.net/ safe=0.8.7 vuln=CVE-2007-6035 file=global.php variable=$config["cacti_version"] subdir=1 [gnopaste] url=http://gnopaste.sf.net/ safe=0.5.4 vuln=CVE-2006-2834 file=install.php variable=$_SESSION['page_title'] = 'gnopaste subdir=0 [Flyspray] url=http://www.flyspray.org/ safe=0.9.9.5 vuln=CVE-2008-1165 file=class.flyspray.php variable=var $version subdir=1 [phpMyID] url=http://siege.org/projects/phpMyID safe= vuln=CVE-2008-4730 file=MyID.php variable=@version subdir=0 [phplist] url=http://www.phplist.com/ safe=2.10.13 vuln=CVE-2011-0748 file=connect.php variable=define("VERSION" subdir=1 [Piwik] url=http://piwik.org/ safe=1.1 vuln=CVE-2011-0004 file=Version.php variable=const VERSION subdir=1 extra_match=final class Piwik_Version [phpWishlist] url=http://phpwishlist.sourceforge.net/ safe=0.1.15 vuln=CVE-2005-2203 file=header.inc.php variable=$version subdir=1 extra_match=* Wishlist - [awstats] url=http://awstats.sourceforge.net/ safe=7.0 vuln=CVE-2010-4369 file=awstats.pl variable=$VERSION = subdir=0 [phpMyFAQ] url=http://www.phpmyfaq.de/ safe=2.5.5 vuln=http://www.phpmyfaq.de/advisory_2009-12-01.php file=phpmyfaq.spec variable=version subdir=1 [Horde-webmail] url=http://www.horde.org/ file=bundle.php variable=BUNDLE_VERSION extra_match='Horde Groupware Webmail Edition' safe=1.2.7 vuln=http://secunia.com/advisories/39860 subdir=1 [ResourceSpace] url=http://www.resourcespace.org/ file=version.php variable=$productname='ResourceSpace';$productversion safe=3.5.1857 latest=3.8.2144 vuln=http://www.resourcespace.org/download.php subdir=1 [OpenX] url=http://www.openx.org/ file=constants.php variable=OA_VERSION safe=2.8.7 vuln=CVE-2009-4140 subdir=0 [apc.php] url=http://pecl.php.net/package/APC file=apc.php # this does not contain it's "real" version number, using the CVS id # instead - there's been an XSS pre 3.1.4. variable=$VERSION='$Id: apc.php safe=301867 vuln=CVE-2010-3294 subdir=0 [webtrees] url=http://webtrees.net/ file=session.php variable=define('WT_VERSION' safe=1.0.2 latest=1.0.6 vuln=http://wiki.webtrees.net/Release_History subdir=1 [PhpGedView] url=http://phpgedview.sourceforge.net/ file=session.php variable=define('PGV_VERSION' safe= vuln=2011-0405 subdir=1 [status.net] url=http://status.net file=common.php variable=define('STATUSNET_BASE_VERSION' safe=0.9.4 vuln=http://status.net/2010/08/16/statusnet-0-9-4-released subdir=1