Directed Grid Graphs; All Possible Paths Through Nodes

I have a problem in which I am interested in taking a matrix of positive integer weights, including zero, where the matrix has dimensions nrow x ncol and the columns always sum to the same arbitrary number. I want to search for a list of paths (sets of edges essentially) that traverse through the grid space of the same dimension & create the paths such that the # of edges in a path going through a node is equal to the node's weight (from the matrix). I.e.: if a particular index in my matrix was "3", there would be 3 edges that would run into (and out of) this node.

Some important restrictions. Firstly, the only direction the edges can move is rightward (so vertical edges are disallowed), but only one column distance at a time. I do allow for the edges to go from any row_j (in column_i) to any other possible row_j in column_i+1, so diagonal edges (either upwards or downwards) are allowed. Here’s an example of such a solution (it is non singular, which is why I'm interested in ALL possible paths).

[image]

Most importantly, I am interested in two things. First I want all possible paths from this process, and even more critically, I want to minimise the number of possible diagonal edges that my resulting paths will contain.

Any sort of algorithm here to solve this would be hugely helpful.

I have managed to solve the case when I don’t care about the number of diagonal edges, and just want a set of paths that match with the weights. To do that, I used the weights at adjacent columns to generate a Markov transition process. This gave me a series of transition matrices (of length ncol-1) which from there I was able to construct probabilistically what my paths through my weights were.

Let me know if anyone needs any more details/explanations here.
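
An added example, not part of the original post: each column transition can be solved on its own, so keeping min(w[r][c], w[r][c+1]) straight edges in every row and routing only the surplus diagonally yields a decomposition with the fewest diagonal edges. The function names and the sample matrix are constructed for illustration, and the code returns one such decomposition, not all of them.

```python
def transition_counts(a, b):
    """Edge counts t[src][dst] between adjacent columns with the fewest diagonals."""
    if sum(a) != sum(b):
        raise ValueError("adjacent columns must have equal sums")
    n = len(a)
    t = [[0] * n for _ in range(n)]
    for r in range(n):
        t[r][r] = min(a[r], b[r])  # keep every straight edge the weights allow
    surplus = [[r, a[r] - b[r]] for r in range(n) if a[r] > b[r]]
    deficit = [[r, b[r] - a[r]] for r in range(n) if b[r] > a[r]]
    i = j = 0
    while i < len(surplus) and j < len(deficit):
        k = min(surplus[i][1], deficit[j][1])
        t[surplus[i][0]][deficit[j][0]] += k  # unavoidable diagonal edges
        surplus[i][1] -= k
        deficit[j][1] -= k
        if surplus[i][1] == 0:
            i += 1
        if deficit[j][1] == 0:
            j += 1
    return t


def decompose(w):
    """Return (paths, diagonals); a path lists the row it visits in each column."""
    nrow, ncol = len(w), len(w[0])
    cols = [[w[r][c] for r in range(nrow)] for c in range(ncol)]
    # A node of weight k in the first column starts k paths.
    paths = [[r] for r in range(nrow) for _ in range(cols[0][r])]
    diagonals = 0
    for c in range(ncol - 1):
        t = transition_counts(cols[c], cols[c + 1])
        for p in paths:
            src = p[-1]
            # Continue straight while a straight edge is left, else take a diagonal.
            dst = src if t[src][src] else next(d for d in range(nrow) if t[src][d])
            t[src][dst] -= 1
            diagonals += dst != src
            p.append(dst)
    return paths, diagonals


# Constructed sample: 3 rows x 3 columns, every column sums to 3.
SAMPLE = [[2, 1, 2],
          [0, 2, 1],
          [1, 0, 0]]

if __name__ == "__main__":
    print(decompose(SAMPLE))
```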

Security Benefits of Having a Content Security Policy for a Domain Loaded through iframe

Consider the below scenario:

There’s a checkout webpage that can be accessed at checkout.example.com. This page has a decent security policy. But just to prevent any credit card info leakage, the credit card information editing panel is in an iframe, and this panel can be loaded from cc.example.com.

Now, are there any security benefits for having a good Content Security Policy for cc.example.com when we are loading it in an iframe in checkout.example.com?
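
An added example, not part of the original question: a browser enforces the policy of checkout.example.com and the policy of cc.example.com separately, each on its own document, so the framed page needs its own directives, including `frame-ancestors`, which only the framed origin can set. The audit function, its findings and both sample headers are constructed for illustration.

```python
HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header):
    """Parse a Content-Security-Policy header value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        # When a directive is repeated, browsers use the first occurrence.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_framed_policy(header, allowed_parent):
    """Return findings for the policy served by the framed payment page."""
    p = parse_csp(header)
    findings = []
    ancestors = p.get("frame-ancestors")  # does not fall back to default-src
    if ancestors is None:
        findings.append("frame-ancestors missing: any site may embed the card form")
    elif ancestors != [allowed_parent]:
        findings.append("frame-ancestors is not limited to exactly " + allowed_parent)
    scripts = p.get("script-src", p.get("default-src"))
    if scripts is None:
        findings.append("no script-src or default-src: scripts are unrestricted")
    else:
        # 'unsafe-inline' is ignored by browsers when a nonce or hash is present.
        pinned = any(s.startswith(HASH_PREFIXES) for s in scripts)
        if "*" in scripts or ("'unsafe-inline'" in scripts and not pinned):
            findings.append("script-src permits inline or wildcard scripts")
    if "form-action" not in p:  # does not fall back to default-src
        findings.append("form-action missing: form targets are unrestricted")
    return findings


# Constructed sample headers for cc.example.com.
WEAK = "default-src *; script-src 'self' 'unsafe-inline'"
STRONG = ("default-src 'none'; script-src 'self'; style-src 'self'; "
          "form-action 'self'; frame-ancestors https://checkout.example.com")

if __name__ == "__main__":
    for name, header in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_framed_policy(header, "https://checkout.example.com"))
```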

How to connect a mobile app through the woocommerce API to “Create Order” for a product linked to a vendor

I want to connect a mobile app through the woocommerce API to “Create Order” for a product linked to a vendor such that this will create the sub-order automatically for a given vendor account. The woocommerce API does not provide this capability by default and the "post author" is assigned to the user authorised to make the API call. How do I go about this?

Attacking through a malicious HTML file apart from XSS through Javascript

I recently came across a behavior in a web application where the application (through the use of the header ‘Content-Disposition: attachment’) offers to download an HTML file instead of allowing it to get parsed by the browser. Interestingly, the GET requests to the URL that lets you download the HTML page pass the absolute path of the HTML file that will be downloaded, starting all the way from /usr/local....<snip>/public/mypage.html. If an attacker has the privilege to upload an HTML file to this location (public), apart from an XSS attack, what else can he/she do on the machine of a victim who downloads and opens the HTML file crafted by the attacker?

I am aware of the XSS attacks that one can do by injecting some malicious Javascript in the HTML file. I would like to know what else an attacker can get done outside of Javascript XSS attacks.

LFI to RCE through User-Agent

I’m doing a pentest on a FreeBSD machine running CuppaCMS. I already managed to log in to the CMS with admin privileges, but it only takes me to a manager menu with some options to change some tables and stuff like that, with no visible RCE escalation. So I discovered an exploit on exploit-db.com that leads to LFI, and after some research I was able to do RCE through User-Agent and GET requests sending . So I’m able to read the directories and "cat" some of the files out while reading the httpd-access.log file, but I can’t run any reverse shell on the server; it seems like I can’t even ‘nc’ to my machine. I managed to send PHP code through the User-Agent doing the reverse shell, but when I did, the server simply crashed. Any ideas on how I could continue to explore the machine? Thanks

Find every path that passes through certain edges

I’m faced with the following problem:

Given

  • Directed and unweighted graph, where each edge E has two attributes

Goal

  • Find every path through the 3 (or more) given edges

Questions

  • Is it NP-hard?
  • Is there already an algorithm for this?
  • I was thinking about placing a node in every edge and then running Dijkstra's algorithm to find the shortest path from A to B and then from B to C. However, this complicates my graph. Any other ideas? Thanks

What threats Android pose to anonymity when internet is accessed by a laptop through USB tethering but over Tor?

I use USB tethering on an Android 10 mobile to access internet on my laptop. I use Tor browser (TB) on laptop and keep my OS (a Linux distro) on laptop patched for security vulnerabilities. At times I need to consume certain content from websites which I don’t want any intermediary to know about.

Can my mobile device see what data I am requesting and receiving other than that I am connected to a Tor entry node and passing data to it back and forth?

Here’s what I have in mind:

  1. I enter security.stackexchange.com in TB’s URL bar in laptop
  2. TB establishes a secure connection and sends my request to Tor network.
  3. My telecom provider, the first potentially hostile intermediary I usually think of can see only that I am connected to Tor network. For scope reduction of this question, let us become ignorant and assume that my ISP or any intermediary further down does not have the capability to either see my original request or link it back to me.

So far, reasonably good. But, the first intermediary seems to be the Android 10 device itself. How can I be sure that my Android 10 device cannot know what data I am requesting and receiving other than that I am connected to Tor?

I am concerned because my mobile device is potentially hostile in my eyes. I do not know the capabilities of the baseband OS (which some state sponsored entities may exploit), don’t know the vulnerabilities of my Android 10 device which has vanilla Android fused with proprietary code. My mobile device is also at the mercy of its OEM which may not provide security updates for it in future.

Map two input streams, one graphics objects and the other characters through Show

The question is how to sequentially execute Show with two streams of input. The first is graphics object stream and the second is a character stream for supplying labelling for the graphics. I tried

    ss={{ListPlot[x1]},{ListPlot[x2]},…};
    labelling={aa,bb,cc,dd,…};
    Map[Show[#1,PlotLabel->StringJoin[#2,"…","…"]]&,{ss,labelling}]

I tried both Map and MapThread with inconsistent results, i.e., it works sometimes and does not work other times. It became consistent when I put the labelling elements into individual curly brackets, i.e., labelling={{aa},{bb},{cc},{dd}}. I wonder why this is the case?

Data structure implementation of MST (Minimum spanning tree) through Fibonacci heaps

How can a Fibonacci heap store the information needed by the algorithm? In order to achieve good efficiency, when would you run the Consolidate routine?

Algorithm :

    MST(G)
      T ← {}   // set that will store the edges of the MST
      for i ← 1..n
        Vi ← {i}
        Ei ← {(i, j) : j is a vertex and (i, j) is an edge of G}   // set of all edges incident with vertex i
      end for
      while there is more than one set Vi
        choose any Vi
        extract minimum weight edge (u, v) from Ei
        one of the endpoints u of this edge is in Vi; let Vj be the set that contains the other endpoint v
        if i ≠ j then
          T ← T ∪ {(u, v)}
          combine Vi and Vj into Vi (destroying Vj)
          combine Ei and Ej into Ei (destroying Ej)
        end if
      end while
      return T
    end MST

Would you have to add any additional fields to nodes in the heaps or use any additional data structures?