New Filters:

44292: HTTP: Apple WebKit WebCore ContainerNode Use-After-Free Vulnerability (ZDI-25-048)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects malicious use of JavaScript strings in Apple WebKit.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-27856 CVSS 8.8
  - Zero Day Initiative: ZDI-25-048
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45173: HTTP: Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability (ZDI-25-043)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Ivanti Avalanche.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-13180 CVSS 7.5
  - Zero Day Initiative: ZDI-25-043
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45406: HTTP: WordPress File Upload Plugin wfu_file_downloader.php Suspicious File Upload Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects a suspicious upload via the WordPress File Upload Plugin.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-11613 CVSS 9.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45423: TLS: Moomoo SNI Server Access Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects Moomoo SNI server access.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45424: TLS: Webull SNI Server Access Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects Webull SNI server access.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45425: TLS: Deepseek SNI Server Access Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects Deepseek SNI server access.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45426: TLS: Tiger Brokers SNI Server Access Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects Tiger Brokers SNI server access.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45427: TLS: RedNote SNI Server Access Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects RedNote SNI server access.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45430: Kerberos: Possible Microsoft Windows Kerberos AS-REP Roasting Attack
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects a Kerberos AS-REQ packet.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2022-33679 CVSS 8.1
- Classification: Security Policy - Other
- Protocol: Other Protocol
- Platform: Windows Server Application or Service
- Release Date: February 18, 2025

45431: HTTP: Apache Solr configset upload Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in Apache Solr.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-52012
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45432: HTTP: Nagios XI historytab_content.php SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Nagios XI.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45433: HTTP: CyberPanel getresetstatus Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in CyberPanel.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-51378 CVSS 9.0
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45434: HTTP: PHPGurukul Land Record System searchdata SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in PHPGurukul Land Record System.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-13078
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45441: ZDI-CAN-26364,26372: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: February 18, 2025

45442: HTTP: Forbatt SA DVR Multiple Devices Exposed Endpoint Usage Detected
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to access an unsafe endpoint in multiple TVT DVR devices.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-7339
- Classification: Security Policy - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: February 18, 2025

45443: HTTP: Linear eMerge E3 Series OS Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in Linear eMerge E3 series.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-9441 CVSS 9.8
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45444: HTTP: Mitel MiCollab NuPoint Messenger SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Mitel MiCollab NPM.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-35286
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45445: HTTP: Wordpress KiviCare Plugin Unauthenticated SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in the Wordpress KiviCare Plugin.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-11728
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45455: HTTP: Palo Alto Networks PAN-OS Management Web Interface Authentication Bypass Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit an authentication bypass vulnerability in Palo Alto Networks PAN-OS.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-0108
- Classification: Vulnerability - Access Validation
- Protocol: HTTP
- Platform: Other Server Application or Service
- Release Date: February 18, 2025

45456: SMB: Microsoft Windows Explorer CFileSysEnum Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an information disclosure vulnerability in Microsoft Windows.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-49082
- Classification: Vulnerability - Other
- Protocol: SMB
- Platform: Multi-Platform Server Application or Service
- Release Date: February 18, 2025

45457: HTTP: QNAP QTS and QuTS Hero Link Following Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a link following vulnerability in QNAP QTS and QuTS Hero.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-53691
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Other Server Application or Service
- Release Date: February 18, 2025

Modified Filters (logic changes):
* = Enabled in Default deployments

35498: TCP: YSoSerial.Net Deserialization Tool Usage
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: June 18, 2019
- Last Modified Date: February 18, 2025

* 44967: HTTP: Ivanti Endpoint Manager Improper Input Validation Vulnerability (ZDI-25-035,037,038)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44967: ZDI-CAN-25417,25419,25420: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: October 22, 2024
- Last Modified Date: February 18, 2025

* 44971: HTTP: Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure (ZDI-25-039)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44971: ZDI-CAN-25431: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: October 29, 2024
- Last Modified Date: February 18, 2025

45172: HTTP: Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability (ZDI-25-042)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45172: ZDI-CAN-25711: Zero Day Initiative Vulnerability (Ivanti Avalanche)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: December 24, 2024
- Last Modified Date: February 18, 2025

45174: HTTP: Ivanti Avalanche SecureFilter Authentication Bypass Vulnerability (ZDI-25-044)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45174: ZDI-CAN-25713: Zero Day Initiative Vulnerability (Ivanti Avalanche)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: December 17, 2024
- Last Modified Date: February 18, 2025

Modified Filters (metadata changes only):
* = Enabled in Default deployments

* 44382: HTTP: Ivanti Endpoint Manager SQL Injection (ZDI-24-1213,1215,1217,1218,1219,1221,ZDI-25-041)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44382: HTTP: Ivanti Endpoint Manager SQL Injection Vulnerability (ZDI-24-1213,1215,1217-1219,1221)".
- Description updated.
- Vulnerability references updated.
- Release Date: June 18, 2024
- Last Modified Date: February 18, 2025

* 44666: HTTP: Microsoft Edge ms-its Scheme Code Execution Vulnerability (ZDI-25-083)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44666: ZDI-CAN-24690: Zero Day Initiative Vulnerability (Microsoft Edge)".
- Description updated.
- Vulnerability references updated.
- Release Date: August 20, 2024
- Last Modified Date: February 18, 2025

* 44754: HTTP: Trend Micro Deep Security Agent Manual Scan Command Injection Vulnerability (ZDI-24-1516)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44754: ZDI-CAN-25215: Zero Day Initiative Vulnerability (Trend Micro Deep Security)".
- Description updated.
- Vulnerability references updated.
- Release Date: September 10, 2024
- Last Modified Date: February 18, 2025

* 44962: HTTP: Ivanti Endpoint Manager Untrusted Search Path Vulnerability (ZDI-25-031)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44962: ZDI-CAN-25209: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Description updated.
- Vulnerability references updated.
- Release Date: October 22, 2024
- Last Modified Date: February 18, 2025

* 44966: HTTP: Ivanti Endpoint Manager AlertService Type Confusion Vulnerability (ZDI-25-034)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44966: ZDI-CAN-25416: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: November 12, 2024
- Last Modified Date: February 18, 2025

* 44968: HTTP: Ivanti Endpoint Manager Improper Input Validation Vulnerability (ZDI-25-033,036)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44968: ZDI-CAN-25415,25418: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: October 22, 2024
- Last Modified Date: February 18, 2025

Removed Filters: None