New Filters:

42922: HTTP: Contec CONPROSYS HMI System Stored Cross-Site Scripting Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Contec CONPROSYS HMI System.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-28651 CVSS 8.6
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: July 18, 2023

42926: HTTP: SolarView Compact conf_mail.php Command Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in SolarView Compact.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2022-29303 CVSS 9.8
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42927: HTTP: Nortek Linear eMerge E3-Series Command Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in Nortek Linear eMerge E3-Series.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2022-31499 CVSS 9.8
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42928: HTTP: APSystems ECU-R version 5203 timezone Command Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in APSystems ECU-R version 5203.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2022-45699 CVSS 9.8
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42942: HTTP: WordPress Beautiful Cookie Consent Banner Plugin Cross-Site Scripting Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in WordPress plugin Beautiful Cookie Consent Banner.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-3388
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: July 18, 2023

42943: HTTP: Jenkins File Parameter Plugin StashedFileParameterValue Arbitrary File Write Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an arbitrary file write vulnerability in Jenkins File Parameter Plugin.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-32986 CVSS 8.9
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: July 18, 2023

42946: DNS: Interact.sh Standard Request
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects DNS queries to the following domains: oast.live, oast.fun, oast.me, oast.fun, oast.site, oast.online, and interact.sh.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Other
  - Protocol: DNS
  - Platform: Multi-Platform Client Application
  - Release Date: July 18, 2023

42951: ZDI-CAN-21292: Zero Day Initiative Vulnerability (Foxit PDF Reader)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Foxit PDF Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42952: ZDI-CAN-21326: Zero Day Initiative Vulnerability (Foxit PDF Reader)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Foxit PDF Reader.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42954: HTTP: Adobe ColdFusion Security Bypass Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a security bypass vulnerability in Adobe ColdFusion.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-29301
  - Classification: Vulnerability - Access Validation
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: July 18, 2023

42955: HTTP: Adobe ColdFusion Improper Access Control Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit an improper access control vulnerability in Adobe ColdFusion.
  - Deployments:
    - Deployment: Default (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-29298
  - Classification: Vulnerability - Access Validation
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application
  - Release Date: July 18, 2023

42956: HTTP: TerraMaster TOS fileDownload Usage
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects usage of the fileDownload endpoint with an arbitrary path in TerraMaster TOS products.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2021-45841
  - Classification: Security Policy - Forbidden Application Access or Service Request
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: July 18, 2023

42957: HTTP: Roundcube Webmail rcube_image.php Command Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in Roundcube Webmail.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-12641
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: July 18, 2023

42958: HTTP: GStreamer FLAC File Parsing Integer Overflow Vulnerability (ZDI-23-903)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an integer overflow vulnerability in GStreamer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-37327
    - Zero Day Initiative: ZDI-23-903
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: HTTP
  - Platform: UNIX/Linux Client Application
  - Release Date: July 18, 2023

42959: ZDI-CAN-21109: Zero Day Initiative Vulnerability (Siemens Tecnomaticix Plant Simulation)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Tecnomaticix Plant Simulation.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42960: ZDI-CAN-21138: Zero Day Initiative Vulnerability (Siemens Tecnomaticix Plant Simulation)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Tecnomaticix Plant Simulation.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42961: ZDI-CAN-21155: Zero Day Initiative Vulnerability (Siemens Tecnomaticix Plant Simulation)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Tecnomaticix Plant Simulation.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42964: HTTP: TerraMaster TOS index.php Command Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in TerraMaster TOS products.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2021-45837
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: July 18, 2023

42965: HTTP: Suspicious iframe Using a Local File Handler Detected
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects a suspicious iframe element using a local file handler in HTTP traffic.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-36884
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42974: ZDI-CAN-21263: Zero Day Initiative Vulnerability (Siemens Simcenter Femap)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Siemens Simcenter Femap.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42975: ZDI-CAN-21266: Zero Day Initiative Vulnerability (Siemens Simcenter Femap)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against exploitation of a zero-day vulnerability affecting Siemens Simcenter Femap.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: July 18, 2023

42977: TCP: Redis SCAN KEYS command Denial-of-Service Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Redis.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2022-36021 CVSS 5.7
  - Classification: Vulnerability - Denial of Service (Crash/Reboot)
  - Protocol: TCP (Generic)
  - Platform: UNIX/Linux Server Application or Service
  - Release Date: July 18, 2023

42982: HTTP: Avaya Aura Devices Security Bypass Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a security bypass vulnerability in Avaya Aura devices.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: July 18, 2023

Modified Filters (logic changes):

* = Enabled in Default deployments

* 9256: HTTP: HP OpenView Performance Insight Server Code Execution Vulnerability (ZDI-11-034)
  - IPS Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: February 08, 2011
  - Last Modified Date: July 18, 2023

* 16505: DNS: PHP php_parserr DNS TXT Record Buffer Overflow Vulnerability
  - IPS Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: August 04, 2014
  - Last Modified Date: July 18, 2023

37943: HTTP: D-Link Multiple Products HNAP Authentication Bypass Vulnerability (ZDI-20-1437,ZDI-23-544)
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37943: HTTP: D-Link Multiple Products HNAP Authentication Bypass Vulnerability (ZDI-20-1437,23-544)".
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: August 11, 2020
  - Last Modified Date: July 18, 2023

41777: HTTP: Atlassian Bitbucket Server and Data Center Command Execution Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Detection logic updated.
  - Release Date: September 27, 2022
  - Last Modified Date: July 18, 2023

42207: AMQP: SolarWinds Network Performance Monitor Insecure Deserialization Vulnerability (ZDI-23-213)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Detection logic updated.
  - Release Date: January 24, 2023
  - Last Modified Date: July 18, 2023

42545: HTTP: Schneider Electric IGSS DashBoard.exe Unvalidated String Usage (ZDI-23-334,ZDI-23-889)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 04, 2023
  - Last Modified Date: July 18, 2023

* 42711: HTTP: Trend Micro Mobile Security Server File Deletion Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: May 16, 2023
  - Last Modified Date: July 18, 2023

* 42889: HTTP: JetBrains TeamCity NuGet Feed/Commit Status Page Stored Cross-Site Scripting Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "42889: HTTP: JetBrains TeamCity NuGet Feed Page Stored Cross-Site Scripting Vulnerability".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: July 04, 2023
  - Last Modified Date: July 18, 2023

Modified Filters (metadata changes only):

* = Enabled in Default deployments

1125: HTTP: ../.. Directory Traversal
  - IPS Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.
  - Release Date: December 31, 2005
  - Last Modified Date: July 18, 2023

* 42884: HTTP: JetBrains TeamCity NuGet Feed/Commit Status Page Stored Cross-Site Scripting Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "42884: HTTP: JetBrains TeamCity NuGet Feed Page Stored Cross-Site Scripting Vulnerability".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: July 04, 2023
  - Last Modified Date: July 18, 2023

* 42885: HTTP: JetBrains TeamCity NuGet Feed/Commit Status Page Stored Cross-Site Scripting Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "42885: HTTP: JetBrains TeamCity NuGet Feed Page Stored Cross-Site Scripting Vulnerability".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: July 04, 2023
  - Last Modified Date: July 18, 2023

Removed Filters:

16684: TCP: Miras Malware Communication Attempt
  - IPS Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Release Date: September 02, 2014
  - Last Modified Date: February 14, 2017