New Filters:
44744: ZDI-CAN-24834: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Ivanti Endpoint Manager.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 17, 2024
44776: ZDI-CAN-25087: Zero Day Initiative Vulnerability (SolarWinds Serv-U FTP)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Serv-U FTP.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 17, 2024
44777: ZDI-CAN-25292: Zero Day Initiative Vulnerability (Delta Electronics CNCSoft-G2)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Electronics CNCSoft-G2.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 17, 2024
44778: HTTP: WordPress Porto Theme Local File Inclusion Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a local file inclusion vulnerability in the WordPress Porto theme.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-3807
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: September 17, 2024
44779: HTTP: Netgear ProSAFE NMS300 FileUploadUtils Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Netgear ProSAFE NMS300.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 17, 2024
44780: HTTP: WordPress GiveWP Plugin give_title Insecure Deserialization Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in the WordPress GiveWP Plugin.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-5932 CVSS 8.8
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 17, 2024
44782: HTTP: WordPress Business Directory Plugin Easy Listing Directories SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in WordPress Business Directory Plugin-Easy Listing Directories.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-4443 CVSS 9.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 17, 2024
44783: HTTP: WordPress Email Subscribers by Icegram Express SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in WordPress Email Subscribers plugin by Icegram Express.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-2876 CVSS 9.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 17, 2024
44784: HTTP: WordPress Country State City Dropdown CF7 plugin SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Country State City Dropdown CF7 plugin for WordPress.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-3495 CVSS 9.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 17, 2024
44786: HTTP: PKZip File Access from WebDAV
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects an attempt to access a PKZip archive over WebDAV.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2024-38213 CVSS 8.8
- Zero Day Initiative: ZDI-24-1209
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Windows Server Application or Service
- Release Date: September 17, 2024
44787: HTTP: phpMyFAQ Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in phpMyFAQ.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-2752
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 17, 2024
44793: HTTP: Kubernetes Ingress-Nginx Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Kubernetes Ingress-Nginx.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-7646
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 17, 2024
Modified Filters (logic changes):
* = Enabled in Default deployments
39724: HTTP: PKZIP Archive Filename Directory Traversal
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: June 01, 2021
- Last Modified Date: September 17, 2024
39846: HTTP: Netgear ProSAFE NMS300 UpLoadServlet Directory Traversal Vulnerability (ZDI-24-563)
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "39846: HTTP: Netgear ProSAFE NMS300 FileUploadUtils Directory Traversal Vulnerability (ZDI-24-563)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: June 08, 2021
- Last Modified Date: September 17, 2024
* 42150: HTTP: TP-Link AX1800 locale controller Command Injection Vulnerability (ZDI-23-451)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: January 10, 2023
- Last Modified Date: September 17, 2024
43082: HTTP: Ivanti Avalanche deleteSkin Directory Traversal File Deletion Vulnerability (ZDI-24-1149)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 01, 2023
- Last Modified Date: September 17, 2024
43401: HTTP: QNAP Multiple Products Log Upload Command Injection Vulnerability (Pwn2Own ZDI-24-825)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43401: HTTP: QNAP TS-464 Log Upload Command Injection Vulnerability (Pwn2Own ZDI-24-825)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: October 31, 2023
- Last Modified Date: September 17, 2024
43943: HTTP: Centreon updateServiceHost_MC SQL Injection Vulnerability (ZDI-24-595,ZDI-24-596,ZDI-24-899)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 05, 2024
- Last Modified Date: September 17, 2024
44682: RPC: Microsoft Windows Runtime Library Code Execution Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: August 20, 2024
- Last Modified Date: September 17, 2024
Modified Filters (metadata changes only):
* = Enabled in Default deployments
35498: TCP: YSoSerial.Net Deserialization Tool Usage
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Vulnerability references updated.
- Release Date: June 18, 2019
- Last Modified Date: September 17, 2024
42834: HTTP: Ivanti Avalanche SmartDeviceServer XML External Entity Injection (ZDI-23-1167,ZDI-24-1150)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42834: HTTP: Ivanti Avalanche SmartDeviceServer decodeToMap XML External Entity Injection (ZDI-23-1167)".
- Description updated.
- Vulnerability references updated.
- Release Date: January 23, 2024
- Last Modified Date: September 17, 2024
44074: HTTP: Allegra unzipFile Directory Traversal Vulnerability (ZDI-24-1164)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44074: ZDI-CAN-23453: Zero Day Initiative Vulnerability (Allegra)".
- Description updated.
- Vulnerability references updated.
- Release Date: April 09, 2024
- Last Modified Date: September 17, 2024
44248: HTTP: Delta Electronics DIAScreen DPA File Parsing Buffer Overflow Vulnerability (ZDI-24-1193)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44248: ZDI-CAN-23810: Zero Day Initiative Vulnerability (Delta Electronics DIAScreen)".
- Description updated.
- Vulnerability references updated.
- Release Date: May 07, 2024
- Last Modified Date: September 17, 2024
44333: HTTP: Progress Software WhatsUp Gold SQL Injection Vulnerability (ZDI-24-1185)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44333: ZDI-CAN-23660: Zero Day Initiative Vulnerability (Progress Software WhatsUp Gold)".
- Description updated.
- Vulnerability references updated.
- Release Date: June 04, 2024
- Last Modified Date: September 17, 2024
44335: HTTP: Progress Software WhatsUp Gold SQL Injection Vulnerability (ZDI-24-1186)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44335: ZDI-CAN-23662: Zero Day Initiative Vulnerability (Progress Software WhatsUp Gold)".
- Description updated.
- Vulnerability references updated.
- Release Date: June 04, 2024
- Last Modified Date: September 17, 2024
* 44506: HTTP: Progress Software WhatsUp Gold getMonitorJoin SQL Injection Vulnerability (ZDI-24-1187)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44506: ZDI-CAN-23667: Zero Day Initiative Vulnerability (Progress Software WhatsUp Gold)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: July 16, 2024
- Last Modified Date: September 17, 2024
Removed Filters: None
|
Welcome to the future of Business Support! I'm Trend Companion, your
AI assistant ready to streamline your experience.
Log in for your personalized support!
Chat with Trend Companion for quick answers, or submit a case for
detailed troubleshooting.