VAR-200110-0143
Vulnerability from variot - Updated: 2022-05-04 09:49BUGTRAQ ID: 3475PC-to-Phone is an application that can use the IP phone service to implement the function of making calls from PC to phone or from PC to PC. It is maintained by iConnectHere and copyrighted by deltathree. The software was found to have a security issue that could lead to the disclosure of PC-to-Phone confidential authentication information. If a user is in a multi-user system and has read permissions to the "temp.html" file, it is possible to obtain the user account and password for the current login to the system from the file. This file is globally readable by default. & lt; * Source: Arthur Hagen (& lt; a href = 'mailto: art@broomstick.com'> art@broomstick.com< / a>) Link: & lt; a href = 'http: //archives.neohapsis.com /archives/bugtraq/2001-10/0239.html '> http://archives.neohapsis.com/archives/bugtraq/2001-10/0239.html</a> *>
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200110-0143",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-2840"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BUGTRAQ ID: 3475PC-to-Phone is an application that can use the IP phone service to implement the function of making calls from PC to phone or from PC to PC. It is maintained by iConnectHere and copyrighted by deltathree. The software was found to have a security issue that could lead to the disclosure of PC-to-Phone confidential authentication information. If a user is in a multi-user system and has read permissions to the \"temp.html\" file, it is possible to obtain the user account and password for the current login to the system from the file. This file is globally readable by default. \u0026 lt; * Source: Arthur Hagen (\u0026 lt; a href = \u0027mailto: art@broomstick.com\u0027\u003e art@broomstick.com\u0026lt; / a\u003e) Link: \u0026 lt; a href = \u0027http: //archives.neohapsis.com /archives/bugtraq/2001-10/0239.html \u0027\u003e http://archives.neohapsis.com/archives/bugtraq/2001-10/0239.html\u0026lt;/a\u003e *\u003e",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-2840"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2001-2840",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-2840"
}
]
},
"id": "VAR-200110-0143",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-2840"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-2840"
}
]
},
"last_update_date": "2022-05-04T09:49:33.636000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2001-2840"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2001-2840"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-10-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2001-2840"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "deltathree PC-to-Phone authentication information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-2840"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…