Liferay Portal 信息泄露漏洞

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A security vulnerability exists in Liferay Portal...

The vulnerability of the FortiOS operating system arises from the use of weak encryption algorithms during TLS connections, allowing attackers to carry out phishing attacks and man-in-the-middle attacks.

The vulnerability of the FortiOS operating system arises from the use of weak encryption algorithms during TLS connections. Exploiting this vulnerability allows a remote attacker to perform phishing attacks and man-in-the-middle attacks...

SMTP STS Coming Soon to Gmail, Other Webmail Providers

Gmail users can expect the introduction of SMTP Strict Transport Security to the email service some time this year, bringing a measure of security similar to certificate pinning to one of the world’s biggest webmail services. Elie Bursztein, the head of Google’s anti-abuse research team, said at...

CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...

Design/Logic Flaw

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...

CVE-2016-1672

Removed by vendor...

CVE-2016-1672

CVE-2016-1672 affects Google Chrome up to version 51.0.2704.63, where the ModuleSystem::RequireForJsInner function in extension bindings mishandles properties, enabling remote cross-origin bypass via unspecified vectors. Public advisories and vendor fixes (e.g., Chromium 51.0.2704.63) address the...

CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...