Published: 26/01/2014 Updated: 29/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

XML External Entity (XXE) vulnerability in MARC::File::XML module prior to 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent malicious users to read arbitrary files via a crafted XML file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
galen charlton marc-xml
galen charlton marc-xml 1.0

Debian Bug report logs - #736275 libmarc-xml-perl: CVE-2014-1626: XML External Entity privilege escalation Package: libmarc-xml-perl; Maintainer for libmarc-xml-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Source for libmarc-xml-perl is src:libmarc-xml-perl (PTS, buildd, popcon) Reported by: Salv ...

CWE-264 http://www.securityfocus.com/bid/65057 http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html http://secunia.com/advisories/55404 http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html http://osvdb.org/102367 https://exchange.xforce.ibmcloud.com/vulnerabilities/90620 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736275 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1626

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect