Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV is supported on devices running TOS 5.x and earlier. The 4.0.0 DV is supported on devices running TOS 6.x or higher, as well as vTPS. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_10057.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_4.0.0_10057.pkg

Table of Contents
--------------------------
  New Filters - 10
  Modified Filters (logic changes) - 18
  Modified Filters (metadata changes only) - 3
  Removed Filters - 0
  New Filters:

    46293: HTTP: ZendTo zendto dropoff tmp_name Directory Traversal Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in ZendTo.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-34508 CVSS 2.8
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 19, 2025

    46294: HTTP: Fortinet FortiWeb get_fabric_user_by_token SQL Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Fortinet FortiWeb.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-25257 CVSS 9.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 19, 2025

    46295: HTTP: Ivanti Endpoint Manager Mobile setSSHConfiguration Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Ivanti Endpoint Manager Mobile.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-6770 CVSS 6.3
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 19, 2025

    46296: HTTP: SQL Injection in HTTP Header
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a SQL injection attack in any given header of an HTTP request.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 19, 2025

    46297: HTTP: Narcissus backend.php Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Narcissus.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2012-10033
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 19, 2025

    46298: HTTP: RARLAB WinRAR ZIP Directory Traversal Vulnerability (ZDI-25-409)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in RARLAB WinRAR.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-6218
        - Zero Day Initiative: ZDI-25-409
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Other Client Application
      - Release Date: August 19, 2025

    46303: HTTP: NetLink GPON ONT Router formLogin Request
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a suspicious formLogin request to a NetLink GPON ONT router.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: August 19, 2025

    46304: HTTP: MCP-Remote Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in MCP-Remote.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-6514
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 19, 2025

    46305: HTTP: WordPress WPvivid Backup Plugin Arbitrary File Upload Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in the WordPress WPvivid Backup plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-5961
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: August 19, 2025

    46310: HTTP: NVIDIA Container Toolkit Environment Variable Privilege Escalation Vulnerability (ZDI-25-626)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in NVIDIA Container Toolkit.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-23266
        - Zero Day Initiative: ZDI-25-626
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: August 19, 2025
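A practitioner check over the New Filters section above, written as an added example and not as TippingPoint tooling: it parses entries in this notice's own "- Key: Value" layout and lists Critical filters that a device running the Default deployment will not block, either because the filter ships only in Security-Optimized or because it is "Not enabled by default in any deployment" (in this notice, 46304 and 46310). The three sample entries embedded below are copied from this notice; the record structure and the enforcement rule are this example's own assumptions.

```python
"""Parse 'New Filters' entries of a TippingPoint Digital Vaccine notice and
flag filters that a Default-deployment device will not enforce.

Added example, not TippingPoint tooling. SAMPLE_NOTICE is copied from the
notice above (three entries); the field handling is this example's own."""
import re
from dataclasses import dataclass, field

SAMPLE_NOTICE = """\
    46294: HTTP: Fortinet FortiWeb get_fabric_user_by_token SQL Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-25257 CVSS 9.0
      - Release Date: August 19, 2025

    46304: HTTP: MCP-Remote Command Injection Vulnerability
      - Severity: Critical
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-6514
      - Release Date: August 19, 2025

    46310: HTTP: NVIDIA Container Toolkit Environment Variable Privilege Escalation Vulnerability (ZDI-25-626)
      - Severity: Critical
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-23266
        - Zero Day Initiative: ZDI-25-626
      - Release Date: August 19, 2025
"""

# "46294: HTTP: ..." opens a filter record; "- Key: ..." lines never start with a digit.
HEADER_RE = re.compile(r"^\s*(\d+):\s+(\S.*?)\s*$")
# "- Deployment: Default (Block / Notify)" -> ("Default", "Block", "Notify").
DEPLOY_RE = re.compile(r"^\s*-\s*Deployment:\s*(.+?)\s*\((\w+)\s*/\s*(\w+)\)\s*$")
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")


@dataclass
class Filter:
    number: int
    name: str
    severity: str = "Unknown"
    deployments: dict = field(default_factory=dict)  # deployment name -> action (Block/Permit)
    cves: list = field(default_factory=list)


def parse_new_filters(text):
    """Return one Filter per numbered entry found in the notice text."""
    filters, current = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = Filter(int(m.group(1)), m.group(2))
            filters.append(current)
            continue
        if current is None:
            continue
        stripped = line.strip()
        if stripped.startswith("- Severity:"):
            current.severity = stripped.split(":", 1)[1].strip()
        elif (dm := DEPLOY_RE.match(line)):
            current.deployments[dm.group(1)] = dm.group(2)
        # "Not enabled by default in any deployment." has no "(action / action)" and leaves
        # deployments empty, which is exactly what the check below needs.
        current.cves.extend(CVE_RE.findall(line))
    return filters


def unenforced_in_default(filters, severities=("Critical",)):
    """Filters of the given severities that a Default deployment does not block.

    Assumption: a filter protects a segment only where its action is Block, so
    Security-Optimized-only filters and not-enabled filters both fail this test."""
    return [f for f in filters
            if f.severity in severities and f.deployments.get("Default") != "Block"]


if __name__ == "__main__":
    for f in unenforced_in_default(parse_new_filters(SAMPLE_NOTICE)):
        state = ", ".join(f"{k}={v}" for k, v in f.deployments.items()) or "not enabled anywhere"
        print(f"{f.number} {f.severity:8} {state:28} {' '.join(f.cves)}  {f.name}")
```

Run it against the full notice text (replace SAMPLE_NOTICE with the file contents) after each DV import; anything it lists needs a deliberate profile change on the device or an accepted gap in coverage.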

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    4804: HTTP: SQL Injection (Cookie Header)
      - IPS Version: 3.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: January 25, 2007
      - Last Modified Date: August 19, 2025

    12371: TCP: Hulk DDoS Tool
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 30, 2012
      - Last Modified Date: August 19, 2025

    12715: HTTP: Blind SQL Injection in URI
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: January 23, 2013
      - Last Modified Date: August 19, 2025

    36284: HTTP: Sonatype Nexus Repository Manager createrepo/mergerepo Update
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: October 15, 2019
      - Last Modified Date: August 19, 2025

    36768: HTTP: Microsoft Windows GDI MF3216 Component Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 10, 2019
      - Last Modified Date: August 19, 2025

    37329: HTTP: Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Write Vulnerability (ZDI-20-453)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37329: ZDI-CAN-10138: Zero Day Initiative Vulnerability (Fuji Electric V-Server)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: August 19, 2025

    41352: HTTP: Fuji Electric Tellus Lite V-Simulator 6 X1 Out-of-Bounds Write Vulnerability (ZDI-23-819)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "41352: ZDI-CAN-16600: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 31, 2022
      - Last Modified Date: August 19, 2025

    * 44624: HTTP: Redis Stack RedisBloom Integer Overflow Vulnerability (ZDI-25-009)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 13, 2024
      - Last Modified Date: August 19, 2025

    * 45015: HTTP: QNAP QHora-322 qsyslog-cli username Format String Vulnerability (Pwn2Own ZDI-25-755)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45015: PWN2OWN ZDI-CAN-25672: Zero Day Initiative Vulnerability (QNAP Qhora-322)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: October 29, 2024
      - Last Modified Date: August 19, 2025

    45441: HTTP: Microsoft Windows Theme File Parsing Improper Input Validation Vulnerability (ZDI-25-824,823)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: February 18, 2025
      - Last Modified Date: August 19, 2025

    * 46021: HTTP: Malicious Python Pickle File Transfer
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: July 29, 2025
      - Last Modified Date: August 19, 2025

    46053: HTTP: Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Vulnerability (ZDI-25-701)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46053: ZDI-CAN-27221: Zero Day Initiative Vulnerability (Autodesk AutoCAD)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 17, 2025
      - Last Modified Date: August 19, 2025

    46054: HTTP: Autodesk AutoCAD PRT File Parsing Use-After-Free Vulnerability (ZDI-25-703)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46054: ZDI-CAN-27222: Zero Day Initiative Vulnerability (Autodesk AutoCAD)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 17, 2025
      - Last Modified Date: August 19, 2025

    46055: HTTP: Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Vulnerability (ZDI-25-704)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46055: ZDI-CAN-27223: Zero Day Initiative Vulnerability (Autodesk AutoCAD)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 17, 2025
      - Last Modified Date: August 19, 2025

    46056: HTTP: Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Vulnerability (ZDI-25-705)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46056: ZDI-CAN-27225: Zero Day Initiative Vulnerability (Autodesk AutoCAD)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 17, 2025
      - Last Modified Date: August 19, 2025

    46057: HTTP: Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Vulnerability (ZDI-25-706)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46057: ZDI-CAN-27226: Zero Day Initiative Vulnerability (Autodesk AutoCAD)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 17, 2025
      - Last Modified Date: August 19, 2025

    46058: HTTP: Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-25-702)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46058: ZDI-CAN-27253: Zero Day Initiative Vulnerability (Autodesk AutoCAD)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 17, 2025
      - Last Modified Date: August 19, 2025

    * 46106: HTTP: Apple Safari getHourCycles Stack-based Buffer Overflow Vulnerability (ZDI-25-673)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "46106: ZDI-CAN-26616: Zero Day Initiative Vulnerability (Apple Safari)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 01, 2025
      - Last Modified Date: August 19, 2025

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    44157: HTTP: PKZIP Archive Containing a DLL (ZDI-25-810,812)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "44157: HTTP: PKZIP Archive Containing a DLL".
      - Vulnerability references updated.
      - Release Date: April 23, 2024
      - Last Modified Date: August 19, 2025

    45113: HTTP: Ashlar-Vellum Graphite VC6 File Parsing Out-of-Bounds Write Vulnerability (ZDI-25-631)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45113: ZDI-CAN-25465: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: November 26, 2024
      - Last Modified Date: August 19, 2025

    45472: HTTP: Ashlar-Vellum Cobalt XE File Parsing Type Confusion Vulnerability (ZDI-25-722)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45472: ZDI-CAN-26237: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: February 25, 2025
      - Last Modified Date: August 19, 2025

  Removed Filters: None
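Filter 46296 (SQL Injection in HTTP Header) above, together with the modified 4804 (SQL Injection in Cookie Header) and 12715 (Blind SQL Injection in URI), belong to the class of generic Security Policy checks that inspect request fields rather than one product's endpoint. The notice does not publish the filter logic; what follows is an added example of that class of check and not TippingPoint's implementation: it splits a raw HTTP/1.x request, percent-decodes the URI and every header value, and applies a small, deliberately conservative pattern set. The sample requests and the patterns are constructed for this example.

```python
"""Heuristic SQL-injection check over the URI and every header of a raw HTTP request.

Added example illustrating the class of check performed by filters 46296, 4804
and 12715; it is NOT TippingPoint's detection logic. Patterns and requests are
constructed for this example."""
import re
from urllib.parse import unquote_plus

# Each pattern targets a construct that has no business inside a header value.
SQLI_PATTERNS = [
    re.compile(r"(?i)\bunion\b[\s/*]+(all[\s/*]+)?select\b"),     # UNION [ALL] SELECT, incl. /**/ spacing
    re.compile(r"(?i)'\s*(or|and)\s*['\d]"),                      # ' OR '1 / ' OR 1 tautologies
    re.compile(r"(?i)\b(sleep|benchmark|pg_sleep)\s*\("),         # time-based blind injection
    re.compile(r"--\s*$"),                                        # trailing comment swallowing the query tail
    re.compile(r"(?i);\s*(drop|insert|update|delete|exec|xp_)\w*"),  # stacked queries
]

# Constructed sample requests.
BENIGN = (
    "GET /search?q=rock%27n%27roll HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    "Cookie: session=abc123; theme=dark\r\n"
    "\r\n"
)
COOKIE_ATTACK = (
    "GET /account HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "Cookie: session=abc123; uid=42%27%20OR%20%271%27%3D%271\r\n"
    "\r\n"
)
UA_BLIND = (
    "GET / HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "User-Agent: Mozilla/5.0' AND SLEEP(5)-- \r\n"
    "\r\n"
)
URI_UNION = (
    "GET /items?id=1%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, {lowercased header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def normalize(value):
    """Percent-decode twice: double encoding is the classic way past a single-pass decoder."""
    return unquote_plus(unquote_plus(value))


def find_sqli(raw):
    """Return [(location, matched_text), ...]; one hit per field is enough to raise an alert."""
    _method, target, headers = parse_request(raw)
    fields = [("uri", target)] + [(f"header:{k}", v) for k, v in headers.items()]
    hits = []
    for where, value in fields:
        text = normalize(value)
        for pat in SQLI_PATTERNS:
            m = pat.search(text)
            if m:
                hits.append((where, m.group(0)))
                break
    return hits


if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("cookie", COOKIE_ATTACK),
                       ("user-agent", UA_BLIND), ("uri", URI_UNION)]:
        print(f"{label:11} -> {find_sqli(req)}")
```

The pattern set is intentionally small so every match is explainable; a production sensor also has to normalize HTML entities, Unicode and inline comments, and has to tolerate legitimate values (a Referer or User-Agent can contain almost anything), which is why the page's own filters for this category default to Security-Optimized rather than Default.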