New Filters:
44292: HTTP: Apple WebKit WebCore ContainerNode Use-After-Free Vulnerability (ZDI-25-048)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects malicious use of JavaScript strings in Apple WebKit.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2024-27856 CVSS 8.8
- Zero Day Initiative: ZDI-25-048
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45173: HTTP: Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability (ZDI-25-043)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Ivanti Avalanche.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-13180 CVSS 7.5
- Zero Day Initiative: ZDI-25-043
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45406: HTTP: WordPress File Upload Plugin wfu_file_downloader.php Suspicious File Upload Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects a suspicious upload via the WordPress File Upload Plugin.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-11613 CVSS 9.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45423: TLS: Moomoo SNI Server Access Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects Moomoo SNI server access.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45424: TLS: Webull SNI Server Access Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects Webull SNI server access.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45425: TLS: Deepseek SNI Server Access Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects Deepseek SNI server access.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45426: TLS: Tiger Brokers SNI Server Access Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects Tiger Brokers SNI server access.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45427: TLS: RedNote SNI Server Access Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects RedNote SNI Server Access.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
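The five TLS filters above (45423 through 45427) all work the same way: the only plaintext identifier in a TLS connection that names the destination service is the server_name (SNI) extension in the ClientHello, so the sensor parses the first handshake record and compares the host name against a domain set. The example below is added here to show that mechanism; it is not the TippingPoint detection logic, and the ClientHello bytes and the domain-to-filter mapping in WATCH_LIST are constructed for illustration (the filters' actual domain sets are not published on this page).

```python
"""Added example (not the TippingPoint filter logic): extract the SNI from a
TLS ClientHello and match it against a watch-list. The ClientHello bytes and
the domain list are constructed for this example."""
import struct

TLS_HANDSHAKE, CLIENT_HELLO = 0x16, 0x01
EXT_SERVER_NAME, EXT_SUPPORTED_VERSIONS = 0x0000, 0x002B

# Assumed watch-list for illustration; the real filters' domain sets are not published here.
WATCH_LIST = {
    "moomoo.com": "45423 Moomoo",
    "webull.com": "45424 Webull",
    "deepseek.com": "45425 Deepseek",
    "itiger.com": "45426 Tiger Brokers",
    "xiaohongshu.com": "45427 RedNote",
}


def extract_sni(payload):
    """Return the lowercase host_name from a TLS ClientHello, or None."""
    if len(payload) < 5 or payload[0] != TLS_HANDSHAKE:
        return None
    (rec_len,) = struct.unpack("!H", payload[3:5])
    hs = payload[5:5 + rec_len]                       # first record only; a hello split
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:          # across records needs reassembly
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                      # client_version + random
    pos += 1 + body[pos]                              # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                              # compression_methods
    if pos + 2 > len(body):
        return None                                   # hello carries no extensions
    (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos, end = pos + 2, pos + 2 + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        edata, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
        if etype != EXT_SERVER_NAME:
            continue
        lpos = 2                                      # skip ServerNameList length
        while lpos + 3 <= len(edata):
            name_type = edata[lpos]
            (nlen,) = struct.unpack("!H", edata[lpos + 1:lpos + 3])
            lpos += 3
            if name_type == 0:                        # host_name entry
                return edata[lpos:lpos + nlen].decode("ascii", "replace").rstrip(".").lower()
            lpos += nlen
    return None


def match_watch_list(sni, watch_list=WATCH_LIST):
    """Label for sni or any parent domain of it; label-boundary aware, never the bare TLD."""
    if not sni:
        return None
    labels = sni.split(".")
    for i in range(len(labels) - 1):
        hit = watch_list.get(".".join(labels[i:]))
        if hit:
            return hit
    return None


def build_client_hello(hostname=None):
    """Constructed TLS 1.3-style ClientHello; hostname=None omits the SNI extension."""
    exts = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, 3) + b"\x02\x03\x04"
    if hostname is not None:
        entry = b"\x00" + struct.pack("!H", len(hostname)) + hostname.encode()
        exts = struct.pack("!HHH", EXT_SERVER_NAME, len(entry) + 2, len(entry)) + entry + exts
    body = (b"\x03\x03" + bytes(32)                    # legacy_version + zeroed random
            + b"\x00"                                  # empty session_id
            + struct.pack("!H", 4) + b"\x13\x01\x13\x02"   # two TLS 1.3 cipher suites
            + b"\x01\x00"                              # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs


def classify(payload):
    """Return (sni, watch_list_label) for one client-to-server TCP payload."""
    sni = extract_sni(payload)
    return sni, match_watch_list(sni)


if __name__ == "__main__":
    for host in ["chat.deepseek.com", "notdeepseek.com", None]:
        print(host, "->", classify(build_client_hello(host)))
```

Two caveats follow from the mechanism. The match must respect label boundaries (the code above walks parent domains rather than doing a substring search, so "notdeepseek.com" does not match "deepseek.com"), and the check is only as good as the plaintext SNI: a client using Encrypted Client Hello, QUIC (where the hello sits inside an Initial packet rather than a TLS record), or a shared CDN front presents no usable name, which is one reason these filters are rated Low and shipped disabled.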
45430: Kerberos: Possible Microsoft Windows Kerberos AS-REP Roasting Attack
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects a Kerberos AS-REQ packet consistent with AS-REP roasting (a ticket request that carries no pre-authentication data, so the AS-REP it elicits can be cracked offline).
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2022-33679 CVSS 8.1
- Classification: Security Policy - Other
- Protocol: Other Protocol
- Platform: Windows Server Application or Service
- Release Date: February 18, 2025
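AS-REP roasting targets accounts flagged "Do not require Kerberos preauthentication": the attacker sends an AS-REQ without a PA-ENC-TIMESTAMP and receives an AS-REP whose enc-part is encrypted under the account's key, which is crackable offline when the requested etype is RC4-HMAC (23). The referenced CVE-2022-33679 is the same shape with the legacy RC4-MD4 etype (-128). The example below is added here to show what an AS-REQ-side check of this kind looks like; it is not the TippingPoint filter logic. The DER walker is deliberately minimal (single-byte tags, which is all AS-REQ uses), and the realm, principal names and sample requests are constructed, not captured traffic.

```python
"""Added example (not the TippingPoint filter logic): flag Kerberos AS-REQ
messages shaped like AS-REP roasting. Minimal DER walker; the sample
requests are constructed here, not captured traffic."""

AS_REQ_TAG = 0x6A        # [APPLICATION 10] wraps the KDC-REQ SEQUENCE (RFC 4120)
SEQUENCE = 0x30
PA_ENC_TIMESTAMP = 2     # pre-auth proof that the client holds the account key
PA_PAC_REQUEST = 128
ETYPE_AES256, ETYPE_AES128, ETYPE_RC4_HMAC, ETYPE_RC4_MD4 = 18, 17, 23, -128
WEAK_ETYPES = {ETYPE_RC4_HMAC, ETYPE_RC4_MD4}   # crackable offline / CVE-2022-33679 downgrade


def ctx(n):
    """Context-specific constructed tag [n], used for every field in KDC-REQ."""
    return 0xA0 | n


def der_read(buf, pos=0):
    """Read one DER TLV (single-byte tag) at pos -> (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    pos = 0
    while pos < len(value):
        tag, inner, pos = der_read(value, pos)
        yield tag, inner


def der_int(value):
    return int.from_bytes(value, "big", signed=True)


def tlv(tag, content):
    """DER encoder, used only to build the constructed samples below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def enc_int(i):
    n = 1
    while True:                                      # minimal two's-complement length
        try:
            return tlv(0x02, i.to_bytes(n, "big", signed=True))
        except OverflowError:
            n += 1


def build_as_req(cname, realm, padata_types, etypes):
    """Constructed AS-REQ with the fields a roasting check cares about."""
    principal = tlv(SEQUENCE, tlv(ctx(0), enc_int(1)) +                 # NT-PRINCIPAL
                    tlv(ctx(1), tlv(SEQUENCE, tlv(0x1B, cname.encode()))))
    body = tlv(SEQUENCE,
               tlv(ctx(0), tlv(0x03, b"\x00\x40\x81\x00\x10")) +        # kdc-options
               tlv(ctx(1), principal) +
               tlv(ctx(2), tlv(0x1B, realm.encode())) +
               tlv(ctx(5), tlv(0x18, b"20370913024805Z")) +             # till
               tlv(ctx(7), enc_int(1234567)) +                          # nonce
               tlv(ctx(8), tlv(SEQUENCE, b"".join(enc_int(e) for e in etypes))))
    padata = b"".join(tlv(SEQUENCE, tlv(ctx(1), enc_int(t)) + tlv(ctx(2), tlv(0x04, b"")))
                      for t in padata_types)
    req = tlv(ctx(1), enc_int(5)) + tlv(ctx(2), enc_int(10))             # pvno, msg-type
    if padata:
        req += tlv(ctx(3), tlv(SEQUENCE, padata))
    return tlv(AS_REQ_TAG, tlv(SEQUENCE, req + tlv(ctx(4), body)))


def analyse_as_req(msg):
    """Finding dict if msg is an AS-REQ shaped like AS-REP roasting, else None.
    msg is the raw Kerberos message (UDP payload; over TCP drop the 4-byte length prefix)."""
    tag, outer, _ = der_read(msg)
    if tag != AS_REQ_TAG:
        return None
    _, kdc_req, _ = der_read(outer)
    padata_types, etypes, cname = [], [], None
    for t, v in der_children(kdc_req):
        if t == ctx(3):                                  # padata SEQUENCE OF PA-DATA
            for _, pa in der_children(der_read(v)[1]):
                for ptag, pval in der_children(pa):
                    if ptag == ctx(1):
                        padata_types.append(der_int(der_read(pval)[1]))
        elif t == ctx(4):                                # req-body
            for rtag, rval in der_children(der_read(v)[1]):
                if rtag == ctx(8):                       # etype SEQUENCE OF Int32
                    etypes = [der_int(e) for _, e in der_children(der_read(rval)[1])]
                elif rtag == ctx(1):                     # cname PrincipalName / name-string
                    for ntag, nval in der_children(der_read(rval)[1]):
                        if ntag == ctx(1):
                            cname = "/".join(s.decode() for _, s in der_children(der_read(nval)[1]))
    weak = sorted(WEAK_ETYPES & set(etypes))
    if PA_ENC_TIMESTAMP in padata_types or not weak:
        return None
    # Roasting tools ask for RC4 only so the enc-part is crackable; a normal client's
    # first (pre-auth-less) AS-REQ lists AES first, so rate that lower.
    confidence = "high" if set(etypes) <= WEAK_ETYPES else "low"
    return {"cname": cname, "etypes": etypes, "weak_etypes": weak, "confidence": confidence}


# Constructed samples (realm and principal names are illustrative).
ROAST_REQ = build_as_req("svc_backup", "CORP.EXAMPLE", [PA_PAC_REQUEST], [ETYPE_RC4_HMAC])
DOWNGRADE_REQ = build_as_req("svc_backup", "CORP.EXAMPLE", [], [ETYPE_RC4_MD4])
FIRST_CONTACT_REQ = build_as_req("alice", "CORP.EXAMPLE", [PA_PAC_REQUEST],
                                 [ETYPE_AES256, ETYPE_AES128, ETYPE_RC4_HMAC])
PREAUTH_REQ = build_as_req("alice", "CORP.EXAMPLE", [PA_ENC_TIMESTAMP, PA_PAC_REQUEST],
                           [ETYPE_AES256, ETYPE_RC4_HMAC])

if __name__ == "__main__":
    for label, req in [("roast", ROAST_REQ), ("downgrade", DOWNGRADE_REQ),
                       ("first-contact", FIRST_CONTACT_REQ), ("preauth", PREAUTH_REQ)]:
        print(label, analyse_as_req(req))
```

The word "Possible" in the filter name matters: every domain-joined client's first AS-REQ also lacks pre-authentication (the KDC answers with KRB-ERROR 25, KDC_ERR_PREAUTH_REQUIRED, and the client retries with a timestamp), so the request alone is weak evidence and the filter is sensibly shipped disabled. Confidence rises when the etype list is RC4-only, and the finding is confirmed when the KDC replies with an AS-REP instead of a KRB-ERROR, or on the domain controller by Event 4768 with Pre-Authentication Type 0 for the same account.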
45431: HTTP: Apache Solr configset upload Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Apache Solr.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-52012
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
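Solr configsets are uploaded to the configset API as a ZIP archive, so a directory traversal in that upload means an archive entry whose name walks out of the configset directory when it is written to disk. The check an operator can run on archives before upload (or a proxy can run on the request body) is a zip-slip audit that covers both POSIX and Windows path rules, since a name that is a harmless single component on one platform can escape on the other. The example below is added here for that purpose; it is not Solr's code or the filter's detection logic, and the archive it inspects is constructed inline.

```python
"""Added example (not the TippingPoint filter logic or Solr's code): audit a
Solr configset ZIP for entries that would escape the extraction directory.
The archive built below is constructed for this example."""
import io
import ntpath
import posixpath
import zipfile


def entry_escapes(name, windows):
    """True if extracting `name` under a target directory could write outside it."""
    if windows:
        # Windows accepts both separators and has drive-letter and UNC absolutes.
        if ntpath.splitdrive(name.replace("/", "\\"))[0]:
            return True
        name = name.replace("\\", "/")
    if name.startswith("/"):
        return True
    norm = posixpath.normpath(name)          # collapses "conf/sub/.." style segments
    return norm == ".." or norm.startswith("../")


def audit_configset_zip(data, windows):
    """Return the entry names in the ZIP `data` that escape the extraction root."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if entry_escapes(n, windows)]


def build_sample_zip(entries):
    """Constructed test archive from a {name: content} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


SAMPLE_ZIP = build_sample_zip({
    "solrconfig.xml": "<config/>",
    "lang/stopwords_en.txt": "the\n",
    "..\\..\\server\\solr\\evil.xml": "<config/>",   # escapes only where "\" is a separator
    "conf/../../../escape.txt": "x",                  # escapes on every platform
    "C:\\Windows\\Temp\\abs.txt": "x",                # absolute drive path (Windows only)
})

if __name__ == "__main__":
    print("windows:", audit_configset_zip(SAMPLE_ZIP, windows=True))
    print("posix:  ", audit_configset_zip(SAMPLE_ZIP, windows=False))
```

Running the audit with windows=True flags the backslash, the "../" and the drive-letter entries, while windows=False flags only the "../" entry: the backslash name is a single odd-looking file on a POSIX host, which is exactly why a platform-agnostic normaliser must treat both separators when the server's platform is unknown.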
45432: HTTP: Nagios XI historytab_content.php SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Nagios XI.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45433: HTTP: CyberPanel getresetstatus Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in CyberPanel.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-51378 CVSS 9.0
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45434: HTTP: PHPGurukul Land Record System searchdata SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in PHPGurukul Land Record System.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-13078
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45441: ZDI-CAN-26364,26372: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: February 18, 2025
45442: HTTP: Forbatt SA DVR Multiple Devices Exposed Endpoint Usage Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to access an unsafe endpoint in multiple TVT DVR devices.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-7339
- Classification: Security Policy - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: February 18, 2025
45443: HTTP: Linear eMerge E3 Series OS Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Linear eMerge E3 series.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-9441 CVSS 9.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45444: HTTP: Mitel MiCollab NuPoint Messenger SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Mitel MiCollab NPM.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-35286
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45445: HTTP: WordPress KiviCare Plugin Unauthenticated SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in the WordPress KiviCare Plugin.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-11728
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45455: HTTP: Palo Alto Networks PAN-OS Management Web Interface Authentication Bypass Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Palo Alto Networks PAN-OS.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2025-0108
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Other Server Application or Service
- Release Date: February 18, 2025
45456: SMB: Microsoft Windows Explorer CFileSysEnum Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-49082
- Classification: Vulnerability - Other
- Protocol: SMB
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025
45457: HTTP: QNAP QTS and QuTS Hero Link Following Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a link following vulnerability in QNAP QTS and QuTS Hero.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2024-53691
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Other Server Application or Service
- Release Date: February 18, 2025
Modified Filters (logic changes):
* = Enabled in Default deployments
35498: TCP: YSoSerial.Net Deserialization Tool Usage
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: June 18, 2019
- Last Modified Date: February 18, 2025
* 44967: HTTP: Ivanti Endpoint Manager Improper Input Validation Vulnerability (ZDI-25-035,037,038)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44967: ZDI-CAN-25417,25419,25420: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: October 22, 2024
- Last Modified Date: February 18, 2025
* 44971: HTTP: Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure (ZDI-25-039)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44971: ZDI-CAN-25431: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: October 29, 2024
- Last Modified Date: February 18, 2025
45172: HTTP: Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability (ZDI-25-042)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45172: ZDI-CAN-25711: Zero Day Initiative Vulnerability (Ivanti Avalanche)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: December 24, 2024
- Last Modified Date: February 18, 2025
45174: HTTP: Ivanti Avalanche SecureFilter Authentication Bypass Vulnerability (ZDI-25-044)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45174: ZDI-CAN-25713: Zero Day Initiative Vulnerability (Ivanti Avalanche)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: December 17, 2024
- Last Modified Date: February 18, 2025
Modified Filters (metadata changes only):
* = Enabled in Default deployments
* 44382: HTTP: Ivanti Endpoint Manager SQL Injection (ZDI-24-1213,1215,1217,1218,1219,1221,ZDI-25-041)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44382: HTTP: Ivanti Endpoint Manager SQL Injection Vulnerability (ZDI-24-1213,1215,1217-1219,1221)".
- Description updated.
- Vulnerability references updated.
- Release Date: June 18, 2024
- Last Modified Date: February 18, 2025
* 44666: HTTP: Microsoft Edge ms-its Scheme Code Execution Vulnerability (ZDI-25-083)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44666: ZDI-CAN-24690: Zero Day Initiative Vulnerability (Microsoft Edge)".
- Description updated.
- Vulnerability references updated.
- Release Date: August 20, 2024
- Last Modified Date: February 18, 2025
* 44754: HTTP: Trend Micro Deep Security Agent Manual Scan Command Injection Vulnerability (ZDI-24-1516)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44754: ZDI-CAN-25215: Zero Day Initiative Vulnerability (Trend Micro Deep Security)".
- Description updated.
- Vulnerability references updated.
- Release Date: September 10, 2024
- Last Modified Date: February 18, 2025
* 44962: HTTP: Ivanti Endpoint Manager Untrusted Search Path Vulnerability (ZDI-25-031)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44962: ZDI-CAN-25209: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Description updated.
- Vulnerability references updated.
- Release Date: October 22, 2024
- Last Modified Date: February 18, 2025
* 44966: HTTP: Ivanti Endpoint Manager AlertService Type Confusion Vulnerability (ZDI-25-034)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44966: ZDI-CAN-25416: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: November 12, 2024
- Last Modified Date: February 18, 2025
* 44968: HTTP: Ivanti Endpoint Manager Improper Input Validation Vulnerability (ZDI-25-033,036)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44968: ZDI-CAN-25415,25418: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: October 22, 2024
- Last Modified Date: February 18, 2025
Removed Filters: None