18 matches found
Customization under Fire: Plugin Poisoning in Text-To-Image Ecosystem
The prosperity of text-to-image (T2I) models has fostered a vibrant share-and-play ecosystem centered on Low-Rank Adaptation (LoRA) plugins, which allow users to customize and share model capabilities with ease. This democratization, however, comes with a hidden but severe security risk. Malicious...
Awakening the Hydra: Stabilizing Multi-Concept Backdoor Injection in Text-To-Image Diffusion Models
Text-to-image diffusion models are increasingly developed through open-source reuse and repeated downstream fine-tuning, where reused checkpoints are difficult to verify and thus more susceptible to hidden backdoor behaviors. In such ecosystems, a single pretrained model may be sequentially adapt...
OrchJail: Jailbreaking Tool-Calling Text-To-Image Agents by Orchestration-Guided Fuzzing
Tool-calling text-to-image (T2I) agents can plan and execute multi-step tool chains to accomplish complex generation and editing queries. However, this capability introduces a new safety attack surface: harmful outputs may arise from tool orchestration, where individually benign steps combine into...
DREAM: Scalable Red Teaming for Text-To-Image Generative Systems Via Distribution Modeling
Despite the integration of safety alignment and external filters, text-to-image (T2I) generative models are still susceptible to producing harmful content, such as sexual or violent imagery. This raises serious concerns about unintended exposure and potential misuse. Red teaming, which aims to...
PLA: Prompt Learning Attack against Text-To-Image Generative Models
Text-to-Image (T2I) models have gained widespread adoption across various applications. Despite the success, the potential misuse of T2I models poses significant risks of generating Not-Safe-For-Work (NSFW) content. To investigate the vulnerability of T2I models, this paper delves into adversarial...
On the Feasibility of Poisoning Text-To-Image AI Models Via Adversarial Mislabeling
Today's text-to-image generative models are trained on millions of images sourced from the Internet, each paired with a detailed caption produced by Vision-Language Models (VLMs). This part of the training pipeline is critical for supplying the models with large volumes of high-quality image-captio...
GenBreak: Red Teaming Text-To-Image Generators Using Large Language Models
Text-to-image (T2I) models such as Stable Diffusion have advanced rapidly and are now widely used in content creation. However, these models can be misused to generate harmful content, including nudity or violence, posing significant safety risks. While most platforms employ content moderation...
BadReward: Clean-Label Poisoning of Reward Models in Text-To-Image RLHF
Reinforcement Learning from Human Feedback (RLHF) is crucial for aligning text-to-image (T2I) models with human preferences. However, RLHF's feedback mechanism also opens new pathways for adversaries. This paper demonstrates the feasibility of hijacking T2I models by poisoning a small fraction of...
Fooling the Watchers: Breaking AIGC Detectors Via Semantic Prompt Attacks
The rise of text-to-image (T2I) models has enabled the synthesis of photorealistic human portraits, raising serious concerns about identity misuse and the robustness of AIGC detectors. In this work, we propose an automated adversarial prompt generation framework that leverages a grammar tree...
Red-Teaming Text-To-Image Systems by Rule-Based Preference Modeling
Text-to-image (T2I) models raise ethical and safety concerns due to their potential to generate inappropriate or harmful images. Evaluating these models' security through red-teaming is vital, yet white-box approaches are limited by their need for internal access, complicating their use with...
Inception: Jailbreak the Memory Mechanism of Text-To-Image Generation Systems
Currently, the memory mechanism has been widely and successfully exploited in online text-to-image (T2I) generation systems (e.g., DALL·E 3) for alleviating the growing tokenization burden and capturing key information in multi-turn interactions. Despite its practicality, its security analyses have...
REDEditing: Relationship-Driven Precise Backdoor Poisoning on Text-To-Image Diffusion Models
The rapid advancement of generative AI highlights the importance of text-to-image (T2I) security, particularly with the threat of backdoor poisoning. Timely disclosure and mitigation of security vulnerabilities in T2I models are crucial for ensuring the safe deployment of generative models. We...
Token-Level Constraint Boundary Search for Jailbreaking Text-To-Image Models
Recent advancements in Text-to-Image (T2I) generation have significantly enhanced the realism and creativity of generated images. However, such powerful generative capabilities pose risks related to the production of inappropriate or harmful content. Existing defense mechanisms, including prompt...
CVE-2023-3387
The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lanatexttoimage' and 'lanatexttoimg' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2023-3387 Lana Text to Image <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lanatexttoimage' and 'lanatexttoimg' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
WordPress plugin Lana Text to Image cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-24524 · WordPress · Lana Text To Image
Name of the Vulnerable Software and Affected Versions: Lana Text to Image plugin for WordPress versions up to, and including, 1.0.0. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the lana text to image and lana text to img...
WordPress Lana Text to Image Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Lana Text to Image; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3387; Patch priority: Medium; CVSS severity: Medium (6.4); PSID: 0d489ec1b616; Credits: István Márton...