JVN#91638315: FileMaker server issue where PHP source code may be viewable

FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Impact PHP source code may be viewable. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected FileMake...

Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass and Privilege Escalation

No description provided by source. Filemaker Login Bypass and Privilege Escalation ======================================================================= ADVISORY INFORMATION Title: Filemaker Login Bypass and Privilege Escalation Discovery date: 19/10/2014 Release date: 19/10/2014 Vendor Homepag...

Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass and Privilege Escalation

Exploit for php platform in category web applications Filemaker Login Bypass and Privilege Escalation ======================================================================= ADVISORY INFORMATION Title: Filemaker Login Bypass and Privilege Escalation Discovery date: 19/10/2014 Release date:...

Filemaker Pro 13.03 / Advanced 12.04 - Authentication Bypass / Privilege Escalation

Filemaker Login Bypass and Privilege Escalation ======================================================================= ADVISORY INFORMATION Title: Filemaker Login Bypass and Privilege Escalation Discovery date: 19/10/2014 Release date: 19/10/2014 Vendor Homepage: www.filemaker.com Version:...

Filemaker Pro 13.03 Advanced 12.04 - Authentication Bypass Privilege Escalation

Filemaker Pro 13.03 Advanced 12.04 - Authentication Bypass Privilege Escalation Filemaker Login Bypass and Privilege Escalation ======================================================================= ADVISORY INFORMATION Title: Filemaker Login Bypass and Privilege Escalation Discovery date:...

Filemaker Login Bypass / Privilege Escalation

Filemaker Login Bypass and Privilege Escalation ======================================================================= ADVISORY INFORMATION Title: Filemaker Login Bypass and Privilege Escalation Discovery date: 19/10/2014 Release date: 19/10/2014 Vendor Homepage: www.filemaker.com Version:...

Filemaker Login Bypass and Privilege Escalation Vulnerability

Filemaker Login Bypass and Privilege Escalation ======================================================================= ADVISORY INFORMATION Title: Filemaker Login Bypass and Privilege Escalation Discovery date: 19/10/2014 Release date: 19/10/2014 Vendor Homepage: www.filemaker.com Version:...

CVE-2014-5322

Cross-site scripting XSS vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640...

CVE-2014-5321

FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-23...

Cross site scripting

Cross-site scripting XSS vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640...

Code injection

FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-23...

CVE-2014-5322

Cross-site scripting XSS vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640...

CVE-2014-5322

CVE-2014-5322 affects FileMaker Pro and Pro Advanced (Instant Web Publish) prior to version 13, with the vulnerability arising from an incomplete fix to CVE-2013-3640. The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via u...

CVE-2014-5321

FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-23...

CVE-2014-5321

Summary: CVE-2014-5321 affects FileMaker Pro before 13 and Pro Advanced before 13, which fail to verify X.509 certificates from SSL servers, enabling MITM attackers to spoof servers and access sensitive data. This vulnerability is noted as a consequence of an incorrect fix for CVE-2013-2319. Affe...

FileMaker Pro fails to verify SSL server certificates

Overview FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-2319. Impact A man-in-the-minddle attack may allow an attacker to...

FileMaker Pro vulnerable to cross-site scripting

Overview FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-scripting. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-3640. Impact An arbitrary script may be executed on the user's web browser...

San Diego State Warns of Possible Data Breach

San Diego State University has notified some of its current and former enrollees that some of their personal information may have been accessed by unauthorized users, after a database containing the information was found to be accessible by anyone on the affected department’s wired network. The...

CVE-2013-3640

Cross-site scripting XSS vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-2319

FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...