POC of Grafana Post-Auth DuckDB SQL Injection (File Read) CVE-2024-9264

This PoC demonstrates how to exploit CVE-2024-9264 to execute DuckDB SQL queries as an authenticated user and read arbitrary files from the file system.
Setup: install the necessary dependencies with the following command:
pip install -r requirements.txt
Usage (file read example):
python3 CVE-2024-9264.py -u user -p pass -f /etc/passwd http://localhost:3000
You can also execute arbitrary DuckDB queries, such as calling getenv to retrieve environment variables:
python3 CVE-2024-9264.py -u user -p pass -q "SELECT getenv('PATH')" http://localhost:3000
A list of…
A privacy focused online PDF Editor

privpdf.com is an open-source project by Neural Nirvana that aims to prioritize the privacy and safety of PDF documents. Almost every one of us has used online PDF editor services to merge, split, edit, or watermark PDF files. But doing it online comes with the risk of your document data being shared with third-party servers, or even stored without consent. That's why we created privpdf.com, a privacy-focused in-browser PDF editor capable of doing everything current online providers offer, all inside the browser with no data ever uploaded anywhere! The client-side processing enables the user to be assured…
Engy, an LLM-powered tool to generate webapp w/ backend for quick prototyping and iteration

We created this small tool to bootstrap our ideas. It generates a frontend and backend, while also supporting iteratively adding new features and fixing bugs. We've tried quite a few use cases and found it saves us time when prototyping. Feel free to try it out and tell us what you think, thanks! Github link: https://github.com/renning22/engy PyPI link: https://pypi.org/project/engy/ Source link lol
Huge FLUX LoRA vs Fine Tuning / DreamBooth Experiments Completed, Moreover Batch Size 1 vs 7

Huge FLUX LoRA vs Fine Tuning / DreamBooth Experiments Completed, Moreover Batch Size 1 vs 7 Fully Tested as Well, Not Only for Realism But Also for Stylization — 15-image vs 256-image datasets compared as well (expressions / emotions tested too) — Used Kohya GUI for training. Full Article Link. Details: download the images in full resolution to see prompts and model names. All trainings were done with Kohya GUI, can be done locally on Windows, and all trainings were at 1024x1024 pixels. Fine Tuning / DreamBooth works on GPUs with as little as 6 GB (0 quality degrade totally same…
Hacktoberfest Week 2: Diving Deeper into Code Contributions

Greetings, everyone! How’s Hacktoberfest going for you this year? Personally, I’m really enjoying it so far. We’ve now entered the second week of October, which means it’s time for my second pull request (PR) out of the four needed to complete the challenge. This week, I decided to push myself a bit further by contributing to a project’s codebase rather than focusing solely on documentation, as I did in Week 1. Recap of Week 1 In my first PR of Hacktoberfest, I worked on improving project documentation. As a beginner, I wanted to ease into the process with smaller, manageable…
Building a Country-to-Flag Emoji Converter App with Vite, TypeScript, and Tolgee

Introduction Hello there friends, we're still in the season of Hacktoberfest and in this blog post, we'll build a simple Country-to-Flag Emoji Converter App. We will utilize some great tools and technologies: Vite: A modern build tool that significantly improves the development experience with its fast hot module replacement (HMR) and optimized build processes. Vite is perfect for building fast applications and is particularly well-suited for projects using frameworks like React. TypeScript: A superset of JavaScript that adds static typing. By using TypeScript, we can catch errors early in the development process, making our code more robust and maintainable. It…
Understanding Directory Traversal and Preventing It with SafeLine WAF

Directory traversal, also known as path traversal, is a web security vulnerability that allows an attacker to access files and directories stored outside the web root folder. This article explores directory traversal, its potential impact, and how SafeLine Web Application Firewall (WAF) can protect your web applications from such attacks. What is Directory Traversal? Directory traversal attacks occur when an application accepts unvalidated user input, allowing attackers to navigate the server’s directory structure. By manipulating the file paths, attackers can access sensitive files, including configuration files, password files, and other critical system files. How Directory Traversal Works Attackers exploit directory…
Hacktoberfest! – Week 1

It's crazy to think about: Just a month ago, the only use I had for GitHub was downloading software from the release page. Now I am out here contributing to open source projects! Hacktoberfest It's Hacktoberfest time! I'm glad the course dedicated the entire October for this. It's just the push I need. For the first week, I was looking around for something simple, just to get an idea of what it's like to work with people. I joined the Hacktoberfest Discord server and stumbled across Distrochooser. It's not a huge project but is quite well-known among the Linux community.…