New Filters:

45593: HTTP: WordPress Load Gallery Unrestricted File Upload Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an unrestricted file upload vulnerability in the WordPress Load Gallery Plugin.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2025-23942
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 25, 2025

45597: HTTP: Microsoft SharePoint Server Workflow Rules File Upload Detected
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects a suspicious workflow rules file upload in a Microsoft SharePoint request.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-43464
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Windows Server Application or Service
  - Release Date: March 25, 2025

45598: HTTP: B&R Systems Diagnostics Manager Cross-Site Scripting Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in the B&R Systems Diagnostics Manager.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2022-4286
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 25, 2025

45599: ZDI-CAN-23114: Zero Day Initiative Vulnerability (eCharge Hardy Barth cPH2)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting eCharge Hardy Barth cPH2.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: March 25, 2025

45600: ZDI-CAN-23115: Zero Day Initiative Vulnerability (eCharge Hardy Barth cPH2)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting eCharge Hardy Barth cPH2.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: March 25, 2025

45601: ZDI-CAN-23113: Zero Day Initiative Vulnerability (eCharge Hardy Barth cPH2)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting eCharge Hardy Barth cPH2.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: March 25, 2025

45603: HTTP: Palo Alto Networks Expedition Admin Password Reset
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an attempt to reset the Admin password in Palo Alto Networks Expedition.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-5910
  - Classification: Security Policy - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 25, 2025

45604: HTTP: SimpleSAMLphp SAML2 Authentication Bypass Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in SimpleSAMLphp SAML2.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2025-27773
  - Classification: Vulnerability - Access Validation
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 25, 2025

45605: HTTP: Aviatrix Controller API cloud_type Command Injection Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in Aviatrix Controller.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-50603
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Other Server Application or Service
  - Release Date: March 25, 2025

45608: HTTP: Apache Camel CamelExecCommandExecutable Code Execution Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a code execution vulnerability in Apache Camel.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2025-27636, CVE-2025-29891
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 25, 2025

45612: HTTP: WordPress WP Shortcodes Plugin src Stored Cross-Site Scripting Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in the WordPress WP Shortcodes plugin.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2025-0370 CVSS 4.0
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 25, 2025

45623: RDP: Microsoft Windows RDP Server HandleDisconnected Use-After-Free Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Remote Desktop Protocol.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2024-49116
  - Classification: Vulnerability - Other
  - Protocol: TCP (Generic)
  - Platform: Windows Client Application
  - Release Date: March 25, 2025

45635: HTTP: Next.js Middleware Authorization Bypass Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an authorization bypass vulnerability in Next.js using the middleware feature.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2025-29927 CVSS 9.1
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: March 25, 2025

Modified Filters (logic changes):
* = Enabled in Default deployments

* 44745: HTTP: Ivanti Endpoint Manager serverStorage SQL Injection Vulnerability (ZDI-24-1506)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: September 10, 2024
  - Last Modified Date: March 25, 2025

44824: HTTP: Delta Electronics ISPSoft DVP File Parsing Out-Of-Bounds Write Vulnerability (ZDI-25-101)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44824: ZDI-CAN-25284: Zero Day Initiative Vulnerability (Delta Electronics ISPSoft)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: October 22, 2024
  - Last Modified Date: March 25, 2025

* 44963: HTTP: Ivanti Endpoint Manager Patch Unrestricted File Upload Vulnerability (ZDI-25-114)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44963: ZDI-CAN-25312: Zero Day Initiative Vulnerability (Ivanti Endpoint Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: October 22, 2024
  - Last Modified Date: March 25, 2025

* 45070: HTTP: Fortinet FortiWeb cgi_grpc_idl_file_post Command Injection Vulnerability (ZDI-25-094)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: November 12, 2024
  - Last Modified Date: March 25, 2025

45441: ZDI-CAN-26364,26372: Zero Day Initiative Vulnerability (Microsoft Windows)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: Not available.
  - Requires: IPS N-Platform, NX-Platform, or TPS models.
  - Detection logic updated.
  - Release Date: February 18, 2025
  - Last Modified Date: March 25, 2025

Modified Filters (metadata changes only):
* = Enabled in Default deployments

35498: TCP: YSoSerial.Net Deserialization Tool Usage
  - IPS Version: 3.6.2 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
  - Release Date: June 18, 2019
  - Last Modified Date: March 25, 2025

* 44071: HTTP: Adobe ColdFusion PMSGenericServlet Improper Access Control Vulnerability
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Description updated.
  - Vulnerability references updated.
  - Release Date: April 09, 2024
  - Last Modified Date: March 25, 2025

* 44606: HTTP: Apache Pinot Authentication Bypass Vulnerability (ZDI-25-109)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44606: ZDI-CAN-24001: Zero Day Initiative Vulnerability (Apache Pinot)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: August 13, 2024
  - Last Modified Date: March 25, 2025

44823: HTTP: Delta Electronics ISPSoft DVP File Parsing Buffer Overflow Vulnerability (ZDI-25-102)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44823: ZDI-CAN-25225: Zero Day Initiative Vulnerability (Delta Electronics ISPSoft)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: September 24, 2024
  - Last Modified Date: March 25, 2025

* 44844: HTTP: Microsoft Windows LNK File UI Misrepresentation Vulnerability (ZDI-25-148)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "44844: ZDI-CAN-25373: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: October 01, 2024
  - Last Modified Date: March 25, 2025

* 45054: HTTP: SolarWinds Platform TestWebsiteUrl Server-Side Request Forgery Vulnerability (ZDI-25-104)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "45054: ZDI-CAN-25334: Zero Day Initiative Vulnerability (SolarWinds Platform)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: November 12, 2024
  - Last Modified Date: March 25, 2025

45155: HTTP: Siemens Simcenter Femap NEU File Parsing Memory Corruption Vulnerability (ZDI-25-130)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "45155: ZDI-CAN-25443: Zero Day Initiative Vulnerability (Siemens Simcenter Femap)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: December 10, 2024
  - Last Modified Date: March 25, 2025

45211: HTTP: HP LaserJet Pro MFP 3301fdw PostScript File Parsing Type Confusion (Pwn2Own ZDI-25-106)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "45211: PWN2OWN ZDI-CAN-25533: Zero Day Initiative Vulnerability (HP Color LaserJet Pro MFP 3301fdw)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: December 24, 2024
  - Last Modified Date: March 25, 2025

45233: HTTP: Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Vulnerability (ZDI-25-134)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Name changed from "45233: ZDI-CAN-25734: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: December 24, 2024
  - Last Modified Date: March 25, 2025

Removed Filters: None