New Filters:

46065: HTTP: Suspicious Visual Studio Code Java Extension Pack Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a download of a suspicious Visual Studio Code Java extension pack.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2021-27084
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: June 24, 2025

46066: HTTP: Liferay Portal Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Liferay Portal.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-4388
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: June 24, 2025

46067: HTTP: Samsung MagicINFO 9 Server Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Samsung MagicINFO 9 Server.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-4632 CVSS 9.0
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: June 24, 2025

46068: HTTP: Apple macOS CoreAudio mRemappingArray Memory Corruption Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Apple macOS CoreAudio.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-31200
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: June 24, 2025

46069: HTTP: VMware vSphere Potential Finger Printing Attempt
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects potential fingerprinting activity in VMware vSphere.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2021-21972
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Client Application
- Release Date: June 24, 2025

46070: HTTP: TBK DVR Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in various TBK DVRs.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-3721
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Networked Hardware Device Application or Service
- Release Date: June 24, 2025

46072: HTTP: HPE Insight Remote Support DownloadAttachmentServlet Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Hewlett Packard Enterprise (HPE) Insight Remote Support.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-37098 CVSS 5.7
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: June 24, 2025

46078: HTTP: WordPress Depicter Plugin SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in the WordPress Depicter Plugin.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-2011 CVSS 7.5
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: June 24, 2025

46089: HTTP: Roundcube Webmail _from URL Parameter Insecure Deserialization Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Roundcube Webmail.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-49113 CVSS 8.2
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: June 24, 2025

Modified Filters (logic changes):

* = Enabled in Default deployments

* 29068: HTTP: Apache Struts 2 Struts 1 Plugin Remote Code Execution Vulnerability
- IPS Version: 3.1.3 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Release Date: July 11, 2017
- Last Modified Date: June 24, 2025

37910: HTTP: Ruby on Rails Argument Call Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: July 28, 2020
- Last Modified Date: June 24, 2025

38625: HTTP: WordPress Duplicator duplicator_download Directory Traversal Vulnerability
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: December 22, 2020
- Last Modified Date: June 24, 2025

* 42150: HTTP: TP-Link AX1800 locale controller Command Injection Vulnerability (ZDI-23-451)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: January 10, 2023
- Last Modified Date: June 24, 2025

44388: HTTP: Ivanti Endpoint Manager EFile Directory Traversal Vulnerability (ZDI-24-1501)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: June 18, 2024
- Last Modified Date: June 24, 2025

* 44487: HTTP: Ivanti Endpoint Manager Report_RunPatch SQL Injection Vulnerability (ZDI-24-1502)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: July 09, 2024
- Last Modified Date: June 24, 2025

* 45058: HTTP: HPE StoreOnce VSA deletePackages Directory Traversal Vulnerability (ZDI-25-317)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45058: ZDI-CAN-25314: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise StoreOnce VSA)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 12, 2024
- Last Modified Date: June 24, 2025

* 45059: HTTP: HPE StoreOnce VSA getServerPayload Directory Traversal Vulnerability (ZDI-25-318)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45059: ZDI-CAN-25315: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise StoreOnce VSA)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 12, 2024
- Last Modified Date: June 24, 2025

* 45060: HTTP: HPE StoreOnce VSA getServerCertificate Command Injection Vulnerability (ZDI-25-319)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45060: ZDI-CAN-25316: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise StoreOnce VSA)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 12, 2024
- Last Modified Date: June 24, 2025

45500: HTTP: HPE Insight Remote Support processAttachmentDataStream Directory Traversal (ZDI-25-325)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45500: ZDI-CAN-25954: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Insight Remote Support)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 04, 2025
- Last Modified Date: June 24, 2025

Modified Filters (metadata changes only):

* = Enabled in Default deployments

36985: HTTP: Pivotal RabbitMQ X-Reason HTTP Header Denial-of-Service Vulnerability
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Miscellaneous modification.
- Release Date: February 04, 2020
- Last Modified Date: June 24, 2025

42846: HTTP: Fortinet FortiOS enc Parameter Usage
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: June 20, 2023
- Last Modified Date: June 24, 2025

45728: HTTP: Allegra isZipEntryValide Directory Traversal Vulnerability (ZDI-25-255)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45728: ZDI-CAN-25730: Zero Day Initiative Vulnerability (Allegra)".
- Description updated.
- Vulnerability references updated.
- Release Date: April 15, 2025
- Last Modified Date: June 24, 2025

Removed Filters: None