11 matches found
PLA: Prompt Learning Attack against Text-To-Image Generative Models
Text-to-Image (T2I) models have gained widespread adoption across various applications. Despite the success, the potential misuse of T2I models poses significant risks of generating Not-Safe-For-Work (NSFW) content. To investigate the vulnerability of T2I models, this paper delves into adversarial...
WordPress WP Content Filter – Censor All Offensive Content From Your Site Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Content Filter – Censor All Offensive Content From Your Site; Type: Plugin; Vulnerable versions: <= 3.0.1; Fixed in: 3.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23883; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership...
Improper Access Control in Crabtyper API
Description: The API program allows any user to create languages and snippets, as well as delete them. This allows a malicious actor to add offensive snippets which could appear to any user, and also allows anyone to completely take down the service by removing all snippets. This is due to...
CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...
Activist Leaks 11,000 Private Messages from WikiLeaks' Twitter Chats
An activist has just leaked thousands of private messages of an organization that's been known for publishing others' secrets. More than 11,000 direct messages from a Twitter group used by WikiLeaks and around 10 close supporters have been posted online by journalist and activist Emma Best, exposi...
WebKit Document::prepareForDestruction / CachedFrame Universal XSS
WebKit: UXSS via Document::prepareForDestruction and CachedFrame. Here's a snippet of Document::prepareForDestruction: void Document::prepareForDestruction() { if (m_hasPreparedForDestruction) return; ... detachFromFrame(); m_hasPreparedForDestruction = true; } Document::prepareForDestruction is called on the...
AudioCoder Memory Corruption Code Execution Vulnerability
AudioCoder is a high-performance audio conversion tool developed on the MediaCoder core. It supports many audio codecs, decoding of a variety of audio and video files, high-volume transcoding, and concurrent multi-tasking that gives full play to multi-core performance...
JRE remote code execution 0day vulnerability warning - the black bar safety net
Warning: the programs (methods) this site provides may be offensive in nature; they are for security research and teaching purposes. Use at your own risk! // // CVE-2012-XXXX Java 0day // // reported here: http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html // // secret host / ip : ok.aa24.net /...
India orders Net firms to censor themselves
Some of the world's top websites will have to purge themselves of all content that is offensive to Indians by February 6. The companies must update their progress on the effort within two weeks, a court in New Delhi ordered on Saturday, the reports say...
Facebook User Error Behind Porn, Mutilation Spam
A campaign of explicit spam on Facebook this week has been linked to a relatively obscure exploit method known as self-inflicted JavaScript injection and not malicious code running on Facebook’s massive network, an independent analysis has shown. The campaign, in which violent and pornographic...
Unfixed XSS vulnerability at www.pislick.net
Security researcher St@rExT submitted on 02/08/2007 a cross-site scripting (XSS) vulnerability affecting www.pislick.net, which at the time of submission ranked 235977 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/08/2007. It is current...