New Filters:

45383: HTTP: Craft CMS Twig Template Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a template injection vulnerability in Craft CMS Twig.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-56145
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 11, 2025

45394: HTTP: Windows Themes Spoofing Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a security bypass vulnerability in Microsoft Windows Themes.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-21308
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Windows Client Application
- Release Date: February 11, 2025

45397: HTTP: WordPress Ultimate Exporter Plugin Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in the WordPress Ultimate Exporter plugin.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-56278
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 11, 2025

45398: HTTP: PHPGurukul Land Record System SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in PHPGurukul Land Record System.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-13079
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 11, 2025

45399: HTTP: npm mpath module Prototype Pollution Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a prototype pollution vulnerability in npm mpath module.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2018-16490, CVE-2021-23438
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 11, 2025

45401: DNS: Lemon8 Access
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects DNS queries to the domain lemon8-web.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: DNS
- Platform: Multi-Platform Client Application
- Release Date: February 11, 2025

45402: HTTP: WordPress Tutor LMS Plugin get_instructors SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in the WordPress Tutor LMS Plugin.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-10400 CVSS 6.5
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 11, 2025

45404: HTTP: Palo Alto Networks GlobalProtect Unsafe Server Configuration Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an unsafe server configuration response when the client is attempting to connect in Palo Alto Networks' GlobalProtect application.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-5921 CVSS 7.1
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 11, 2025

45405: HTTP: CyberPanel Authenticated OS Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in CyberPanel.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-53376
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 11, 2025

45408: DNS: MooMoo Access
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects DNS queries to the domain static.moomoo.com.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: DNS
- Platform: Multi-Platform Client Application
- Release Date: February 11, 2025

45409: DNS: Tiger Brokers Access
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects DNS queries to the domain itiger.com.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: DNS
- Platform: Multi-Platform Client Application
- Release Date: February 11, 2025

45410: DNS: Webull Access
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects DNS queries to the domain webull.com.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: DNS
- Platform: Multi-Platform Client Application
- Release Date: February 11, 2025

45411: DNS: DeepSeek Access
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects DNS queries to the domain deepseek.com.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: DNS
- Platform: Multi-Platform Client Application
- Release Date: February 11, 2025

45412: DNS: RedNote Access
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects DNS queries to the domain xiaohongshu.com.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: DNS
- Platform: Multi-Platform Client Application
- Release Date: February 11, 2025

45414: NFS: Contec CMS8000 Patient Monitor Mounting Command
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects an attempt to mount a remote NFS share by the Contec CMS8000 Patient Monitor device.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: NFS
- Platform: UNIX/Linux Server Application or Service
- Release Date: February 11, 2025

45421: HTTP: WordPress Ultimate Exporter Plugin Arbitrary File Upload Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in the WordPress Ultimate Exporter plugin.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-56278
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 11, 2025

Modified Filters (logic changes):

* = Enabled in Default deployments

* 43677: TCP: Oracle WebLogic Server LinkRef JNDI Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: January 16, 2024
- Last Modified Date: February 11, 2025

44374: HTTP: Microsoft SharePoint Server Business Data Connectivity Remote Code Execution Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: June 11, 2024
- Last Modified Date: February 11, 2025

44682: RPC: Microsoft Windows Runtime Library Code Execution Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: August 20, 2024
- Last Modified Date: February 11, 2025

45358: HTTP: SonicWall NGFW Buffer Overflow Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: January 28, 2025
- Last Modified Date: February 11, 2025

Modified Filters (metadata changes only):

* = Enabled in Default deployments

42224: HTTP: Trend Micro Apex One File Inclusion Vulnerability (ZDI-25-007,ZDI-23-590,ZDI-23-591)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42224: ZDI-CAN-20180,20181,23401: Zero Day Initiative Vulnerability (Trend Micro Multiple Products)".
- Description updated.
- Vulnerability references updated.
- Release Date: January 31, 2023
- Last Modified Date: February 11, 2025

43508: HTTP: Suspicious Internet Shortcut File Download
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Miscellaneous modification.
- Release Date: December 05, 2023
- Last Modified Date: February 11, 2025

* 43701: HTTP: Microsoft Windows SmartScreen Internet Shortcut Security Bypass Vulnerability (ZDI-24-165,361)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: January 17, 2024
- Last Modified Date: February 11, 2025

* 44701: HTTP: Progress Software WhatsUp Gold GetOrderByClause SQL Injection Vulnerability (ZDI-24-1685)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44701: ZDI-CAN-24634: Zero Day Initiative Vulnerability (Progress Software WhatsUp Gold)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: August 27, 2024
- Last Modified Date: February 11, 2025

Removed Filters:

42720: HTTP: Oracle WebLogic Server JNDI Insecure Deserialization Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Release Date: May 23, 2023
- Last Modified Date: December 03, 2024