Skip to content

Instantly share code, notes, and snippets.

View aydinnyunus's full-sized avatar

Yunus AYDIN aydinnyunus

1.1k followers · 77 following
View GitHub Profile
@aydinnyunus
aydinnyunus / main.py
Created October 8, 2025 20:10
CNN MNIST
# Kullanım:
# python cnn_main.py dosya.png
#
# NOT:
# - İlk çalıştırmada MNIST veri seti indirilecek ve CNN modeli eğitilecek.
# - Bu yüzden internet bağlantısı gereklidir.
# - Gerekli kütüphaneler:
# python -m venv venv
# source venv/bin/activate # Linux/macOS
# venv\Scripts\activate # Windows
@aydinnyunus
aydinnyunus / main.py
Last active October 9, 2025 11:54
MCP
from fastmcp import FastMCP
import json
import platform
import subprocess
import requests
# fastmcp run main.py --transport sse --port 8000
"""
{
@aydinnyunus
aydinnyunus / main.py
Last active October 5, 2025 16:36
Logistic Regression
# Kullanım:
# python main.py dosya.png
#
# NOT:
# - İlk çalıştırmada MNIST veri seti indirilecek ve model eğitilecek.
# - Bu yüzden internet bağlantısı gereklidir.
# - Gerekli kütüphaneler:
# python -m venv venv
# source venv/bin/activate # Linux/macOS
# venv\Scripts\activate # Windows
@aydinnyunus
aydinnyunus / gist:2469746fe67755f7edde36c480774cf9
Created June 27, 2025 14:08
code_shield.py
from flask import Flask, request
import sqlite3
app = Flask(__name__)
# Set up database
def init_db():
conn = sqlite3.connect('users.db')
c = conn.cursor()
c.execute('CREATE TABLE IF NOT EXISTS users (username TEXT, password TEXT)')
@aydinnyunus
aydinnyunus / gist:42ab4df2fd363d3566b97d09e09fcac6
Last active March 27, 2025 14:03
Business Logic to Command Injection

1. Overview

A security vulnerability has been discovered in Akaunting, an open-source online accounting software. The issue allows an attacker to install paid applications for free, leading to further exploitation, including remote code execution (RCE) and local privilege escalation (LPE). This report outlines the details of the vulnerability, its impact, and potential mitigation steps.

2. Description of the Vulnerability

2.1 Business Logic Bug in Application Purchase System

Akaunting offers an App Store where users can purchase and install various applications to extend functionality. A flaw in the request processing allows an attacker to:

  • Modify request parameters (name, version, path) to install paid applications for free.
@aydinnyunus
aydinnyunus / CVE-2024-29409.md
Last active March 19, 2025 07:07
CVE-2024-29409

CVE Description: File Upload Bypass in NestJS Due to Insufficient MIME Type Validation

CVE-2024-29409
File Upload Bypass Vulnerability in NestJS file-type.validator.ts

Vulnerability Summary: A file upload bypass vulnerability exists in the file-type.validator.ts implementation within the NestJS framework (versions prior to 10.x.x) that allows attackers to bypass MIME type checks during file uploads. The flaw arises from an incorrect or insufficient validation of the Content-Type header and the actual file content type. This allows an attacker to upload files with a mismatched Content-Type, leading to possible security issues, such as remote code execution, file disclosure, or data exfiltration.

Vulnerable Component:

  • Component: @nestjs/common
@aydinnyunus
aydinnyunus / CVE-2024-28607.md
Created March 10, 2025 19:36
CVE-2024-28607
@aydinnyunus
aydinnyunus / CVE-2024-27763.md
Last active March 10, 2025 19:26
CVE-2024-27763

Vulnerability Report: Execution of Arbitrary Code via scontrol show hostname Command in BasicSR

Vulnerability Overview: An issue has been identified in BasicSR version 1.4.2 and earlier versions, maintained by XPixelGroup, which allows a local attacker to execute arbitrary code through the scontrol show hostname command within the init_dist_slurm function. This vulnerability exists due to insufficient input validation in handling environment variables used for CUDA device setup.

Vulnerability Details:

  • CVE-ID: CVE-2024-27763
  • CVSS Score: (Pending assessment)
  • Impact: Local attackers can exploit this vulnerability to execute arbitrary code within the context of the application, potentially leading to unauthorized access, privilege escalation, or denial of service.
@aydinnyunus
aydinnyunus / logistic_regression.py
Created December 3, 2019 15:11
Estimating Gender with Height and Weight
from sklearn.linear_model import LogisticRegression
from sklearn.linear_model import LinearRegression
import pandas as pd
import numpy as np
df = pd.read_csv('W.csv',sep = ',')
df['Height']= df.Height*2.54
df['Weight'] = df.Weight*0.45
Gender = df[df.columns[0]]
HW = df[df.columns[1:3]]
@aydinnyunus
aydinnyunus / NN.py
Created December 2, 2019 15:54
Basic Neural Networks on Python
from numpy import exp,array,random,dot
class NeuralNetwork():
def __init__(self):
random.seed(1)
self.synaptic_weights = 2* random.random((3,1))-1
def __sigmoid(self,x):
return 1/(1+exp(-x))