{"api_version":"1","generated_at":"2026-05-30T11:02:27+00:00","cve":"CVE-2007-2514","urls":{"html":"https://cve.report/CVE-2007-2514","api":"https://cve.report/api/cve/CVE-2007-2514.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-2514","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-2514"},"summary":{"title":"CVE-2007-2514","description":"Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-06-06 10:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securityfocus.com/archive/1/470563/100/0/threaded","name":"http://www.securityfocus.com/archive/1/470563/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/2785","name":"http://securityreason.com/securityalert/2785","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"XferWan.exe Stack Overflow Vulnerability - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://dvlabs.tippingpoint.com/advisory/TPTI-07-10","name":"http://dvlabs.tippingpoint.com/advisory/TPTI-07-10","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"TippingPoint | DVLabs |","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/42059","name":"http://osvdb.org/42059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1018191","name":"http://www.securitytracker.com/id?1018191","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Centennial Discovery Stack Overflow in 'XferWan.exe' Lets Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/24317","name":"http://www.securityfocus.com/bid/24317","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Multiple Vendor XFERWAN.EXE Filename Remote Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34723","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34723","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-2514","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2514","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"2514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"centennial","cpe5":"discovery","cpe6":"2006_featurepack1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"numara","cpe5":"asset_manager","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"discovery","cpe6":"6.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:42:33.652Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1018191","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018191"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://dvlabs.tippingpoint.com/advisory/TPTI-07-10"},{"name":"centennial-xferwan-bo(34723)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34723"},{"name":"20070605 TPTI-07-10: Centennial Software XferWan.exe Stack Overflow Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/470563/100/0/threaded"},{"name":"24317","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/24317"},{"name":"42059","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/42059"},{"name":"2785","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/2785"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-06-05T00:00:00.000Z","descriptions":[{"lang":"en","value":"Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"1018191","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018191"},{"tags":["x_refsource_MISC"],"url":"http://dvlabs.tippingpoint.com/advisory/TPTI-07-10"},{"name":"centennial-xferwan-bo(34723)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34723"},{"name":"20070605 TPTI-07-10: Centennial Software XferWan.exe Stack Overflow Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/470563/100/0/threaded"},{"name":"24317","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/24317"},{"name":"42059","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/42059"},{"name":"2785","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/2785"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-2514","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1018191","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018191"},{"name":"http://dvlabs.tippingpoint.com/advisory/TPTI-07-10","refsource":"MISC","url":"http://dvlabs.tippingpoint.com/advisory/TPTI-07-10"},{"name":"centennial-xferwan-bo(34723)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34723"},{"name":"20070605 TPTI-07-10: Centennial Software XferWan.exe Stack Overflow Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/470563/100/0/threaded"},{"name":"24317","refsource":"BID","url":"http://www.securityfocus.com/bid/24317"},{"name":"42059","refsource":"OSVDB","url":"http://osvdb.org/42059"},{"name":"2785","refsource":"SREASON","url":"http://securityreason.com/securityalert/2785"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-2514","datePublished":"2007-06-06T10:00:00.000Z","dateReserved":"2007-05-07T00:00:00.000Z","dateUpdated":"2024-08-07T13:42:33.652Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-06-06 10:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:centennial:discovery:2006_featurepack1:*:*:*:*:*:*:*","matchCriteriaId":"E9336740-2AB3-4189-8EDE-3D12A3AFDB57"},{"vulnerable":true,"criteria":"cpe:2.3:a:numara:asset_manager:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F8AE39DA-388A-414F-B58A-B7B0E9B4FC12"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:discovery:6.5:*:*:*:*:*:*:*","matchCriteriaId":"8679A66E-0AEB-42E3-938D-E7AEC74A6C62"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"2514","Ordinal":"1","Title":"CVE-2007-2514","CVE":"CVE-2007-2514","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"2514","Ordinal":"1","NoteData":"Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173.","Type":"Description","Title":"CVE-2007-2514"},{"CveYear":"2007","CveId":"2514","Ordinal":"2","NoteData":"2007-06-06","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"2514","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}