New Filters:

44083: TCP: mySCADA myPRO Hard-Coded Credential Vulnerability (ZDI-24-1226)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Exploits
  - Severity: High
  - Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-4708 CVSS 9.8
    - Zero Day Initiative: ZDI-24-1226
  - Classification: Vulnerability - Access Validation
  - Protocol: TCP (Generic)
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44798: HTTP: Ollama parseFromZipFile GET Directory Traversal Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Ollama.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-45436 CVSS 8.7
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44799: HTTP: Ollama parseFromZipFile POST Directory Traversal Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Ollama.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-45436 CVSS 8.7
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44800: HTTP: Jenkins scriptText Execution Request
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an attempt to execute a command in Jenkins.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Forbidden Application Access or Service Request
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44803: HTTP: PaperCut NG and MF pc-upconnector Server-Side Request Forgery Vulnerability (ZDI-24-783)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a server-side request forgery vulnerability in PaperCut NG and MF.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-1884 CVSS 6.1
    - Zero Day Initiative: ZDI-24-783
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44804: HTTP: Ivanti Endpoint Manager Improper Input Validation Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an improper input validation vulnerability in Ivanti Endpoint Manager.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-28324
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44805: SMTP: Roundcube Webmail html4inline Stored Cross-Site Scripting Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Roundcube Webmail.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-42009 CVSS 6.5
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44806: HTTP: WordPress GiveWP Plugin give_get_donor_comments SQL Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a SQL injection vulnerability in the WordPress GiveWP plugin.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-0224 CVSS 9.8
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44807: DNS: Visual Studio Code Remote - Tunnels Extension Request Detected
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects DNS queries to the domain global.rel.tunnels.api.visualstudio.com.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Forbidden Application Access or Service Request
  - Protocol: DNS
  - Platform: Multi-Platform Client Application
  - Release Date: September 24, 2024

44808: TCP: Ivanti Endpoint Manager AgentPortal Remote Code Execution Vulnerability (ZDI-24-1223)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a remote code execution vulnerability in Ivanti Endpoint Manager.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-29847
    - Zero Day Initiative: ZDI-24-1223
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: TCP (Generic)
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44809: HTTP: WordPress Hide My WP Plugin SQL Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a SQL Injection vulnerability in the WordPress Hide My WP Plugin.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2022-4681
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44810: RPC: Microsoft Windows RDL Service Base24 Decoding Input Validation Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an input validation vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-38077
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: MS-RPC
  - Platform: Windows Server Application or Service
  - Release Date: September 24, 2024

44811: HTTP: Ivanti Cloud Services Appliance datetime.php Command Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in Ivanti Cloud Services Appliance.
  - Deployments:
    - Deployment: Default (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-8190
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44812: HTTP: SPIP BigUp Plugin Unsafe Parameter Value Detected
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an unsafe parameter value in the BigUp plugin used by SPIP. BigUp is a plugin used for the publishing of content to the shared internet.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-8517 CVSS 9.8
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44813: HTTP: WordPress User Registration Plugin Arbitrary File Upload Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in User Registration Plugin for WordPress.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-3342 CVSS 9.9
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44814: HTTP: WordPress Post SMTP Plugin fcm-token Authorization Bypass Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an authorization bypass vulnerability in the WordPress Post SMTP Plugin.
  - Deployments:
    - Deployment: Default (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-6875
  - Classification: Vulnerability - Access Validation
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44816: HTTP: WordPress GN Publisher plugin Cross-Site Scripting Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Moderate
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in GN Publisher Plugin for WordPress.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-1080 CVSS 6.1
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44817: HTTP: IBOS OA SQL Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a SQL injection vulnerability in IBOS OA version 4.5.5.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-4741 CVSS 8.8
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44819: ZDI-CAN-25064: Zero Day Initiative Vulnerability (Dell Avamar)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Dell Avamar.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: September 24, 2024

44820: ZDI-CAN-25065: Zero Day Initiative Vulnerability (Dell Avamar)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Dell Avamar.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: September 24, 2024

44821: ZDI-CAN-25066: Zero Day Initiative Vulnerability (Dell Avamar)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Dell Avamar.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: September 24, 2024

44822: ZDI-CAN-25068: Zero Day Initiative Vulnerability (Dell Avamar)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Dell Avamar.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: September 24, 2024

44823: ZDI-CAN-25225: Zero Day Initiative Vulnerability (Delta Electronics ISPSoft)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Electronics ISPSoft.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: September 24, 2024

44832: HTTP: WordPress Forminator Plugin Arbitrary File Upload Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in the Forminator plugin for WordPress.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2023-4596
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: September 24, 2024

44834: HTTP: SolarWinds Web Help Desk (WHD) Hardcoded Credential Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in SolarWinds Web Help Desk.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-28987
  - Classification: Vulnerability - Access Validation
  - Protocol: HTTP
  - Platform: Windows Client Application
  - Release Date: September 24, 2024

Modified Filters (logic changes):
* = Enabled in Default deployments

* 44107: HTTP: Ivanti Endpoint Manager GetVulnerabilitiesDataTable SQL Injection (ZDI-24-514,ZDI-24-1214)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44107: HTTP: Ivanti Endpoint Manager GetVulnerabilitiesDataTable SQL Injection Vulnerability (ZDI-24-514)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 16, 2024
  - Last Modified Date: September 24, 2024

44646: HTTP: SolarWinds Web Help Desk AjaxProxy Insecure Deserialization Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44646: HTTP: SolarWinds Dameware Web Help Desk takeValueForKey Remote Code Execution Vulnerability".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: August 13, 2024
  - Last Modified Date: September 24, 2024

Modified Filters (metadata changes only):
* = Enabled in Default deployments

4560: HTTP: HTTP Request Smuggling
  - IPS Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
  - Release Date: July 24, 2006
  - Last Modified Date: September 24, 2024

13855: TCP: XML External Entity (XXE) Usage
  - IPS Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Vulnerability references updated.
  - Release Date: April 28, 2014
  - Last Modified Date: September 24, 2024

44131: HTTP: Microsoft SharePoint SPThemes Deserialization of Untrusted Data Vulnerability (ZDI-24-1204)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44131: HTTP: Microsoft SharePoint SPThemes Deserialization of Untrusted Data Vulnerability".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: April 23, 2024
  - Last Modified Date: September 24, 2024

44132: HTTP: Microsoft SharePoint SPThemes Insecure Deserialization Vulnerability (ZDI-24-1204)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44132: HTTP: Microsoft SharePoint SPThemes Insecure Deserialization Vulnerability".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: April 23, 2024
  - Last Modified Date: September 24, 2024

44367: HTTP: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization (ZDI-24-1224)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44367: ZDI-CAN-24270: Zero Day Initiative Vulnerability (SolarWinds Access Rights Manager)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: June 11, 2024
  - Last Modified Date: September 24, 2024

* 44382: HTTP: Ivanti Endpoint Manager SQL Injection Vulnerability (ZDI-24-1213,1215,1217-1219,1221)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44382: ZDI-CAN-24282,24285,24288,24290,24291: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: June 18, 2024
  - Last Modified Date: September 24, 2024

* 44383: HTTP: Ivanti Endpoint Manager GetSQLStatement SQL Injection Vulnerability (ZDI-24-1216)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44383: ZDI-CAN-24287: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: June 18, 2024
  - Last Modified Date: September 24, 2024

44486: HTTP: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability (ZDI-24-1206)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44486: HTTP: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: July 09, 2024
  - Last Modified Date: September 24, 2024

* 44488: HTTP: Ivanti Endpoint Manager ImportXml XML External Entity Processing Vulnerability (ZDI-24-1212)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44488: ZDI-CAN-24046: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: July 09, 2024
  - Last Modified Date: September 24, 2024

44574: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability (ZDI-24-1207)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44574: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: August 06, 2024
  - Last Modified Date: September 24, 2024

44576: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability (ZDI-24-1207)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44576: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: August 06, 2024
  - Last Modified Date: September 24, 2024

44784: HTTP: WordPress Country State City Dropdown CF7 plugin SQL Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Description updated.
  - Release Date: September 17, 2024
  - Last Modified Date: September 24, 2024

Removed Filters:

44393: ZDI-CAN-24284: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Release Date: June 18, 2024