New Filters:

45242: HTTP: Schneider Electric EcoStruxure DC Expert Upgrade Upload (ZDI-24-1417)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to exploit an external entity processing vulnerability in Schneider Electric EcoStruxure.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-8531
  - Zero Day Initiative: ZDI-24-1417
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 28, 2025

45312: HTTP: WordPress Super Backup & Clone Plugin Unauthenticated Arbitrary File Upload Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a file upload vulnerability in the WordPress Super Backup & Clone Plugin.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-9290
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 28, 2025

45313: HTTP: Pandora FMS Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Pandora FMS.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-11320
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 28, 2025

45324: HTTP: Mitel MiCollab NuPoint Unified Messaging Path Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a path traversal vulnerability in Mitel MiCollab NPM.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-41713
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 28, 2025

45338: HTTP: Progress WhatsUp Gold SnmpExtendedActiveMonitor Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Progress WhatsUp Gold.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-12105 CVSS 5.9
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 28, 2025

45339: HTTP: Apache Solr URL Path Handling Authentication Bypass Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Apache Solr.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-45216 CVSS 8.5
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 28, 2025

45341: HTTP: LibreNMS Device Display Name Stored Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in LibreNMS.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-53457 CVSS 8.2
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 28, 2025

45342: HTTP: Ivanti Cloud Services Appliance removeCoreCertificate SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL Injection vulnerability in Ivanti Cloud Services Appliance.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-11773 CVSS 7.9
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 28, 2025

45345: HTTP: WordPress White Label MS Plugin Cross-Site Scripting Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in the WordPress White Label MS Plugin.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2022-0422
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 28, 2025

45349: LDAP: OpenLDAP back-sql LDAP Search SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in OpenLDAP.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2022-29155
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: LDAP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 28, 2025

45358: HTTP: SonicWall NGFW Buffer Overflow Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in SonicWall NGFW.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2022-22274, CVE-2023-0656
- Classification: Vulnerability - Buffer/Heap Overflow
- Protocol: HTTP
- Platform: Networked Hardware Device Application or Service
- Release Date: January 28, 2025

Modified Filters (logic changes):

* = Enabled in Default deployments

* 43563: HTTP: Apache Struts 2 Code Execution Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: December 19, 2023
- Last Modified Date: January 28, 2025

* 44702: HTTP: Progress Software WhatsUp Gold SQL Injection Vulnerability (ZDI-24-1684,1686,1687)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44702: ZDI-CAN-24638,24644,24647: Zero Day Initiative Vulnerability (Progress Software WhatsUp Gold)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 27, 2024
- Last Modified Date: January 28, 2025

44820: HTTP: Dell Avamar Fitness Analyzer API SQL Injection Vulnerability (ZDI-24-1690)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44820: ZDI-CAN-25065: Zero Day Initiative Vulnerability (Dell Avamar)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: September 24, 2024
- Last Modified Date: January 28, 2025

44821: HTTP: Dell Avamar Web Restore Login Action SQL Injection Vulnerability (ZDI-24-1693)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44821: ZDI-CAN-25066: Zero Day Initiative Vulnerability (Dell Avamar)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: September 24, 2024
- Last Modified Date: January 28, 2025

* 45094: HTTP: SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability (ZDI-25-013)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45094: ZDI-CAN-24820: Zero Day Initiative Vulnerability (SonicWall NSv)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 19, 2024
- Last Modified Date: January 28, 2025

Modified Filters (metadata changes only):

* = Enabled in Default deployments

24705: TCP: ysoserial Java Deserialization Tool Usage (ZDI-17-953)
- IPS Version: 3.1.3 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: July 05, 2016
- Last Modified Date: January 28, 2025

44005: HTTP: Delta Electronics DTM Soft BIN Deserialization of Untrusted Data Vulnerability (ZDI-24-1721)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44005: ZDI-CAN-22331: Zero Day Initiative Vulnerability (Delta Electronics DTM Soft)".
- Description updated.
- Vulnerability references updated.
- Release Date: March 26, 2024
- Last Modified Date: January 28, 2025

44574: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability (ZDI-24-1207,ZDI-24-1658)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44574: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability (ZDI-24-1207)".
- Description updated.
- Vulnerability references updated.
- Release Date: August 06, 2024
- Last Modified Date: January 28, 2025

44739: HTTP: Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Vulnerability (ZDI-24-1732)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44739: ZDI-CAN-24844: Zero Day Initiative Vulnerability (Ashlar-Vellum Cobalt)".
- Description updated.
- Vulnerability references updated.
- Release Date: September 10, 2024
- Last Modified Date: January 28, 2025

44819: HTTP: Dell Avamar Fitness Analyzer API SQL Injection Vulnerability (ZDI-24-1689)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44819: ZDI-CAN-25064: Zero Day Initiative Vulnerability (Dell Avamar)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: September 24, 2024
- Last Modified Date: January 28, 2025

44822: HTTP: Dell Avamar Fitness Analyzer API SQL Injection Vulnerability (ZDI-24-1692)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44822: ZDI-CAN-25068: Zero Day Initiative Vulnerability (Dell Avamar)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: September 24, 2024
- Last Modified Date: January 28, 2025

44930: HTTP: Hugging Face Transformers MobileViTV2 Deserialization Vulnerability (ZDI-24-1513)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44930: ZDI-CAN-24322: Zero Day Initiative Vulnerability (Hugging Face Transformer)".
- Description updated.
- Vulnerability references updated.
- Release Date: October 15, 2024
- Last Modified Date: January 28, 2025

* 45096: HTTP: SonicWALL NSv Authentication Bypass Vulnerability (ZDI-25-012)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45096: ZDI-CAN-24819: Zero Day Initiative Vulnerability (SonicWall NSv)".
- Description updated.
- Vulnerability references updated.
- Release Date: November 19, 2024
- Last Modified Date: January 28, 2025

* 45309: HTTP: Apache Traffic Control Traffic Ops SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Release Date: January 21, 2025
- Last Modified Date: January 28, 2025

Removed Filters:

11889: Backdoor: Poison Ivy Remote Administration Tool
- IPS Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Release Date: November 22, 2011
- Last Modified Date: January 10, 2017