infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@Natasha_Jay This needs to be made into @effinbirds
this post | permalink
[RSS] [CVE-2024-58258] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability

https://karmainsecurity.com/KIS-2025-04
this post | permalink
@freddy Yeah that one caught my eye too, and based on the timeline I agree that it's likely unfixed.

(I linked the talk FTR and so that I can tag in @ifsecure in case he has some more info :))
this post | permalink
@freddy @ifsecure OK, CVE-2025-7424 is def not here:

https://support.apple.com/en-us/122719
this post | permalink
@freddy Umm, you mean Safari? :) Their latest security release was on 12th May, within the disclosure window but surely close to the initial disclosure...

Btw. this is the talk&slides by @ifsecure :
https://www.youtube.com/watch?v=U1kc7fcF5Ao
https://docs.google.com/presentation/d/1pAosPlKUw4uI5lfg7FVheTZAtI5mUy8iDeE4znprV34/edit
this post | permalink
"Engineers from Apple & Google have proposed patches in the GNOME gitlab issues, but neither has had a fix applied to the git repo since there is currently no maintainer for libxslt."

https://www.openwall.com/lists/oss-security/2025/07/11/2

CVE-2025-7424 CVE-2025-7425

#OSS #FOSS
this post | permalink
#PHP Security fixes:

- CVE-2025-1735 SQLi via pgsql (related to CVE-2025-1094)
https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3

- CVE-2025-1220 SSRF via fsockopen()
https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r

- CVE-2025-6491 NULL deref in SOAP handling
https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x
this post | permalink
Many static site generator templates don't include meta tags for #RSS / #Atom feeds, but the data is generated by default. It's worth to check:

/index.xml
/feed.xml

#syndication
this post | permalink
Buried in the Log. Exploiting a 20 years old NTFS Vulnerability

https://swarm.ptsecurity.com/buried-in-the-log-exploiting-a-20-years-old-ntfs-vulnerability/

I think I missed this one about CVE-2025-49689
this post | permalink
@mcc (Hungarian) I can access $ with AltGr, don't have hard feelings about it.
this post | permalink
Next Page