New Filters:

45530: ZDI-CAN-25942: Zero Day Initiative Vulnerability (Fuji Electric Smart Editor)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Smart Editor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: March 11, 2025

45531: ZDI-CAN-26020 Zero Day Initiative Vulnerability (Fuji Electric Smart Editor)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Smart Editor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: March 11, 2025

45532: ZDI-CAN-26022 Zero Day Initiative Vulnerability (Fuji Electric Smart Editor)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Smart Editor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: March 11, 2025

45533: ZDI-CAN-26024: Zero Day Initiative Vulnerability (Fuji Electric Smart Editor)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Smart Editor.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: March 11, 2025

45534: HTTP: Zimbra Collaboration CancelPendingAccountOnlyRemoteWipe SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Zimbra Collaboration.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-25064 CVSS 8.9
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: March 11, 2025

45538: HTTP: SimpleHelp Remote Support Software Directory Traversal Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a directory traversal vulnerability in SimpleHelp remote support software.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-57727
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: March 11, 2025

45539: TLS: OpenSSL do_x509_check Name Check Denial-of-Service Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a denial-of-service vulnerability in OpenSSL.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-6119 CVSS 6.5
- Classification: Vulnerability - Denial of Service (Crash/Reboot)
- Protocol: SSL/TLS
- Platform: Multi-Platform Server Application or Service
- Release Date: March 11, 2025

45543: HTTP: RaspberryMatic Firmware Upload
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to upload firmware to RaspberryMatic.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-24578
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: March 11, 2025

45544: HTTP: Ruby on Rails MemCacheStore and RedisCacheStore Insecure Deserialization Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Ruby on Rails.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2020-8165
- Classification: Vulnerability - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: March 11, 2025

45548: HTTP: PHPGurukul Land Record System contactno SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in PHPGurukul Land Record System.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Evaluation (Permit / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-25389
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: March 11, 2025

45550: HTTP: D-Tale Enable Custom Filters Request
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an attempt to enable custom filters in D-Tale.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify)
- References:
  - Common Vulnerabilities and Exposures: CVE-2025-0655
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: March 11, 2025

45551: DNS: Cloudflare Tunnel Usage
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects DNS queries to the domain argotunnel.com.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: DNS
- Platform: Multi-Platform Client Application
- Release Date: March 11, 2025

45560: RSYNC: rsync blength Specific Size Usage
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an rsync transfer with a blength of 1.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-12086
- Classification: Security Policy - Other
- Protocol: TCP (Generic)
- Platform: Multi-Platform Server Application or Service
- Release Date: March 11, 2025

45561: RSYNC: rsync safe-links Bypass Attempt
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an rsync transfer with the safe-links option enabled that contains an unsafe symlink.
- Deployment: Not enabled by default in any deployment.
- References:
  - Common Vulnerabilities and Exposures: CVE-2024-12087, CVE-2024-12088
- Classification: Security Policy - Other
- Protocol: TCP (Generic)
- Platform: Multi-Platform Server Application or Service
- Release Date: March 11, 2025

Modified Filters (logic changes):
* = Enabled in Default deployments

30264: HTTP: WPScan Tool Detection
- IPS Version: 3.6.2 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: January 30, 2018
- Last Modified Date: March 11, 2025

42240: HTTP: Oracle Web Applications Desktop Integrator bne:uueupload File Upload
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: January 31, 2023
- Last Modified Date: March 11, 2025

* 44868: HTTP: Moodle SQL Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: October 08, 2024
- Last Modified Date: March 11, 2025

* 45069: HTTP: Fortinet FortiWeb gui_upload_compress_act Command Injection Vulnerability (ZDI-25-095)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45069: ZDI-CAN-25180: Zero Day Initiative Vulnerability (Fortinet FortiWeb)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 12, 2024
- Last Modified Date: March 11, 2025

* 45070: HTTP: Fortinet FortiWeb cgi_grpc_idl_file_post Command Injection Vulnerability (ZDI-25-094)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "45070: ZDI-CAN-25182: Zero Day Initiative Vulnerability (Fortinet FortiWeb)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 12, 2024
- Last Modified Date: March 11, 2025

* 45096: HTTP: SonicWALL NSv Authentication Bypass Vulnerability (ZDI-25-012)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 19, 2024
- Last Modified Date: March 11, 2025

Modified Filters (metadata changes only):
* = Enabled in Default deployments

* 44037: HTTP: Apple Safari B3 JIT Compiler Integer Underflow Vulnerability (Pwn2Own ZDI-25-092)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44037: PWN2OWN ZDI-CAN-23795: Zero Day Initiative Vulnerability (Apple Safari)".
- Description updated.
- Vulnerability references updated.
- Release Date: March 26, 2024
- Last Modified Date: March 11, 2025

44574: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability (ZDI-24-1207,ZDI-24-1658,ZDI-25-090)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44574: HTTP: Microsoft Windows MSHTML Platform Spoofing Vulnerability (ZDI-24-1207,ZDI-24-1658)".
- Description updated.
- Vulnerability references updated.
- Release Date: August 06, 2024
- Last Modified Date: March 11, 2025

44936: HTTP: PostHog database_schema Server-Side Request Forgery Vulnerability (ZDI-24-1383)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: October 22, 2024
- Last Modified Date: March 11, 2025

44950: HTTP: PostHog slack_incoming_webhook Server-Side Request Forgery Vulnerability (ZDI-25-096)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "44950: ZDI-CAN-25352: Zero Day Initiative Vulnerability (PostHog)".
- Severity changed from "Critical" to "High".
- Description updated.
- Vulnerability references updated.
- Release Date: October 22, 2024
- Last Modified Date: March 11, 2025

* 45302: HTTP: Pandas DataFrame Query Command Injection Vulnerability
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Vulnerability references updated.
- Release Date: January 14, 2025
- Last Modified Date: March 11, 2025

45482: HTTP: Suspicious PKZIP Archive Containing MMC files
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Miscellaneous modification.
- Release Date: February 25, 2025
- Last Modified Date: March 11, 2025

Removed Filters: None