New Filters:
44083: TCP: mySCADA myPRO Hard-Coded Credential Vulnerability (ZDI-24-1226)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: High
- Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2024-4708 CVSS 9.8
- Zero Day Initiative: ZDI-24-1226
- Classification: Vulnerability - Access Validation
- Protocol: TCP (Generic)
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44798: HTTP: Ollama parseFromZipFile GET Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Ollama.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-45436 CVSS 8.7
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44799: HTTP: Ollama parseFromZipFile POST Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Ollama.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-45436 CVSS 8.7
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44800: HTTP: Jenkins scriptText Execution Request
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to execute a command in Jenkins.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44803: HTTP: PaperCut NG and MF pc-upconnector Server-Side Request Forgery Vulnerability (ZDI-24-783)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a server-side request forgery vulnerability in PaperCut NG and MF.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-1884 CVSS 6.1
- Zero Day Initiative: ZDI-24-783
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44804: HTTP: Ivanti Endpoint Manager Improper Input Validation Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an improper input validation vulnerability in Ivanti Endpoint Manager.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-28324
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44805: SMTP: Roundcube Webmail html4inline Stored Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Roundcube Webmail.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-42009 CVSS 6.5
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44806: HTTP: WordPress GiveWP Plugin give_get_donor_comments SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in the WordPress GiveWP plugin.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-0224 CVSS 9.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44807: DNS: Visual Studio Code Remote - Tunnels Extension Request Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects DNS queries to the domain global.rel.tunnels.api.visualstudio.com.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: DNS
- Platform: Multi-Platform Client Application
- Release Date: September 24, 2024
44808: TCP: Ivanti Endpoint Manager AgentPortal Remote Code Execution Vulnerability (ZDI-24-1223)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a remote code execution vulnerability in Ivanti Endpoint Manager.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-29847
- Zero Day Initiative: ZDI-24-1223
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: TCP (Generic)
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44809: HTTP: WordPress Hide My WP Plugin SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL Injection vulnerability in the WordPress Hide My WP Plugin.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2022-4681
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44810: RPC: Microsoft Windows RDL Service Base24 Decoding Input Validation Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an input validation vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-38077
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: MS-RPC
- Platform: Windows Server Application or Service
- Release Date: September 24, 2024
44811: HTTP: Ivanti Cloud Services Appliance datetime.php Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Ivanti Cloud Services Appliance.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-8190
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44812: HTTP: SPIP BigUp Plugin Unsafe Parameter Value Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an unsafe parameter value in the BigUp plugin used by SPIP. BigUp is a plugin used for the publishing of content to the shared internet.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-8517 CVSS 9.8
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44813: HTTP: WordPress User Registration Plugin Arbitrary File Upload Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in User Registration Plugin for WordPress.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-3342 CVSS 9.9
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44814: HTTP: WordPress Post SMTP Plugin fcm-token Authorization Bypass Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an authorization bypass vulnerability in the WordPress Post SMTP Plugin.
- Deployments:
- Deployment: Default (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-6875
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44816: HTTP: WordPress GN Publisher plugin Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Moderate
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in GN Publisher Plugin for WordPress.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-1080 CVSS 6.1
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44817: HTTP: IBOS OA SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in IBOS OA version 4.5.5.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-4741 CVSS 8.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44819: ZDI-CAN-25064: Zero Day Initiative Vulnerability (Dell Avamar)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Dell Avamar.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 24, 2024
44820: ZDI-CAN-25065: Zero Day Initiative Vulnerability (Dell Avamar)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Dell Avamar.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 24, 2024
44821: ZDI-CAN-25066: Zero Day Initiative Vulnerability (Dell Avamar)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Dell Avamar.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 24, 2024
44822: ZDI-CAN-25068: Zero Day Initiative Vulnerability (Dell Avamar)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Dell Avamar.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 24, 2024
44823: ZDI-CAN-25225: Zero Day Initiative Vulnerability (Delta Electronics ISPSoft)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Electronics ISPSoft.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: September 24, 2024
44832: HTTP: WordPress Forminator Plugin Arbitrary File Upload Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in the Forminator plugin for WordPress.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2023-4596
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: September 24, 2024
44834: HTTP: SolarWinds Web Help Desk (WHD) Hardcoded Credential Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit an authentication bypass vulnerability in SolarWinds Web Help Desk.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-28987
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Windows Client Application
- Release Date: September 24, 2024
Modified Filters (logic changes):
* = Enabled in Default deployments
* 44107: HTTP: Ivanti Endpoint Manager GetVulnerabilitiesDataTable SQL Injection (ZDI-24-514,ZDI-24-1214)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44107: HTTP: Ivanti Endpoint Manager GetVulnerabilitiesDataTable SQL Injection Vulnerability (ZDI-24-514)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 16, 2024
- Last Modified Date: September 24, 2024
44646: HTTP: SolarWinds Web Help Desk AjaxProxy Insecure Deserialization Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44646: HTTP: SolarWinds Dameware Web Help Desk takeValueForKey Remote Code Execution Vulnerability".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 13, 2024
- Last Modified Date: September 24, 2024
Modified Filters (metadata changes only):
* = Enabled in Default deployments
4560: HTTP: HTTP Request Smuggling
- IPS Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Vulnerability references updated.
- Release Date: July 24, 2006
- Last Modified Date: September 24, 2024
13855: TCP: XML External Entity (XXE) Usage
- IPS Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: April 28, 2014
- Last Modified Date: September 24, 2024
44131: HTTP: Microsoft SharePoint SPThemes Deserialization of Untrusted Data Vulnerability (ZDI-24-1204)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44131: HTTP: Microsoft SharePoint SPThemes Deserialization of Untrusted Data Vulnerability".
- Description updated.
- Vulnerability references updated.
- Release Date: April 23, 2024
- Last Modified Date: September 24, 2024
44132: HTTP: Microsoft SharePoint SPThemes Insecure Deserialization Vulnerability (ZDI-24-1204)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44132: HTTP: Microsoft SharePoint SPThemes Insecure Deserialization Vulnerability".
- Description updated.
- Vulnerability references updated.
- Release Date: April 23, 2024
- Last Modified Date: September 24, 2024
44367: HTTP: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization (ZDI-24-1224)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44367: ZDI-CAN-24270: Zero Day Initiative Vulnerability (SolarWinds Access Rights Manager)".
- Description updated.
- Vulnerability references updated.
- Release Date: June 11, 2024
- Last Modified Date: September 24, 2024
* 44382: HTTP: Ivanti Endpoint Manager SQL Injection Vulnerability(ZDI-24-1213,1215,1217-1219,1221)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44382: ZDI-CAN-24282,24285,24288,24290,24291: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Description updated.
- Vulnerability references updated.
- Release Date: June 18, 2024
- Last Modified Date: September 24, 2024
* 44383: HTTP: Ivanti Endpoint Manager GetSQLStatement SQL Injection Vulnerability (ZDI-24-1216)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44383: ZDI-CAN-24287: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Description updated.
- Vulnerability references updated.
- Release Date: June 18, 2024
- Last Modified Date: September 24, 2024
44486: HTTP: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability (ZDI-24-1206)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44486: HTTP: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability".
- Description updated.
- Vulnerability references updated.
- Release Date: July 09, 2024
- Last Modified Date: September 24, 2024
* 44488: HTTP: Ivanti Endpoint Manager ImportXml XML External Entity Processing Vulnerability (ZDI-24-1212)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44488: ZDI-CAN-24046: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: July 09, 2024
- Last Modified Date: September 24, 2024
44574: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability (ZDI-24-1207)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44574: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability".
- Description updated.
- Vulnerability references updated.
- Release Date: August 06, 2024
- Last Modified Date: September 24, 2024
44576: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability (ZDI-24-1207)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44576: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability".
- Description updated.
- Vulnerability references updated.
- Release Date: August 06, 2024
- Last Modified Date: September 24, 2024
44784: HTTP: WordPress Country State City Dropdown CF7 plugin SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Release Date: September 17, 2024
- Last Modified Date: September 24, 2024
Removed Filters:
44393: ZDI-CAN-24284: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Release Date: June 18, 2024
|
Views:
Keywords: Digital Vaccine #9944