MidnightBSD

Advisories for filemaker

CVE-2000-0123 HIGH

The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
filemaker filemaker *
CVE-2000-0385 MEDIUM

FileMaker Pro 5 Web Companion allows remote attackers to bypass Field-Level database security restrictions via the XML publishing or email capabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
filemaker filemaker 5.0
CVE-2000-0386 HIGH

FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
filemaker filemaker 5.0
CVE-2013-2319 MEDIUM

FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
filemaker filemaker_pro 9.0.3.0
filemaker filemaker_pro_advanced 11.0.2.0
filemaker filemaker_pro 10.0.3.0
filemaker filemaker_pro 10.0.1.0
filemaker filemaker_pro 11.0.2.0
filemaker filemaker_pro_advanced 8.5.2.0
filemaker filemaker_pro_advanced 9.0.2.0
filemaker filemaker_pro_advanced 10.0.3.0
filemaker filemaker_pro 8.5.1.0
filemaker filemaker_pro 8.0.3.0
filemaker filemaker_pro_advanced 10.0.0.0
filemaker filemaker_pro_advanced 8.5.1.0
filemaker filemaker_pro_advanced 11.0.1.0
filemaker filemaker_pro 8.0.2.0
filemaker filemaker_pro 9.0.0.0
filemaker filemaker_pro 9.0.2.0
filemaker filemaker_pro_advanced 8.0.1.0
filemaker filemaker_pro 10.0.0.0
filemaker filemaker_pro_advanced 10.0.1.0
filemaker filemaker_pro_advanced 9.0.0.0
filemaker filemaker_pro_advanced *
filemaker filemaker_pro 11.0.0.0
filemaker filemaker_pro 8.0.1.0
filemaker filemaker_pro_advanced 8.0.3.0
filemaker filemaker_pro_advanced 9.0.1.0
filemaker filemaker_pro_advanced 8.5.0.0
filemaker filemaker_pro *
filemaker filemaker_pro 11.0.1.0
filemaker filemaker_pro 8.5.2.0
filemaker filemaker_pro 11.0.3.0
filemaker filemaker_pro_advanced 11.0.0.0
filemaker filemaker_pro 8.5.0.0
filemaker filemaker_pro 9.0.1.0
filemaker filemaker_pro_advanced 8.0.2.0
filemaker filemaker_pro_advanced 11.0.3.0
filemaker filemaker_pro_advanced 9.0.3.0
CVE-2013-3640 MEDIUM

Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
filemaker filemaker_pro 9.0.3.0
filemaker filemaker_pro_advanced 11.0.2.0
filemaker filemaker_pro 10.0.3.0
filemaker filemaker_pro 10.0.1.0
filemaker filemaker_pro 11.0.2.0
filemaker filemaker_pro_advanced 8.5.2.0
filemaker filemaker_pro_advanced 9.0.2.0
filemaker filemaker_pro_advanced 10.0.3.0
filemaker filemaker_pro 8.5.1.0
filemaker filemaker_pro 8.0.3.0
filemaker filemaker_pro_advanced 10.0.0.0
filemaker filemaker_pro_advanced 8.5.1.0
filemaker filemaker_pro_advanced 11.0.1.0
filemaker filemaker_pro 8.0.2.0
filemaker filemaker_pro 9.0.0.0
filemaker filemaker_pro 9.0.2.0
filemaker filemaker_pro_advanced 8.0.1.0
filemaker filemaker_pro 10.0.0.0
filemaker filemaker_pro_advanced 10.0.1.0
filemaker filemaker_pro_advanced 9.0.0.0
filemaker filemaker_pro_advanced *
filemaker filemaker_pro 11.0.0.0
filemaker filemaker_pro 8.0.1.0
filemaker filemaker_pro_advanced 8.0.3.0
filemaker filemaker_pro_advanced 9.0.1.0
filemaker filemaker_pro_advanced 8.5.0.0
filemaker filemaker_pro *
filemaker filemaker_pro 11.0.1.0
filemaker filemaker_pro 8.5.2.0
filemaker filemaker_pro 11.0.3.0
filemaker filemaker_pro_advanced 11.0.0.0
filemaker filemaker_pro 8.5.0.0
filemaker filemaker_pro 9.0.1.0
filemaker filemaker_pro_advanced 8.0.2.0
filemaker filemaker_pro_advanced 11.0.3.0
filemaker filemaker_pro_advanced 9.0.3.0
CVE-2014-5321 MEDIUM

FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
filemaker filemaker_pro *
filemaker filemaker_pro_advanced *
CVE-2014-5322 MEDIUM

Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
filemaker filemaker_pro *
filemaker filemaker_pro_advanced *
CVE-2016-1208 MEDIUM

The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
filemaker filemaker *
apple mac_os_x *