25-004 (January 28, 2025)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Ivanti Endpoint Manager
1012149* - Ivanti Endpoint Manager Multiple SQL Injection Vulnerabilities - 1
1012205* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50326)


WSO2
1012249 - WSO2 Multiple Products Arbitrary File Upload Vulnerability (CVE-2024-7074)


Web Application PHP Based
1012243 - MediaWiki CSS Extension Path Traversal Vulnerability (CVE-2024-47841)
1012261 - WordPress 'Drag and Drop Multiple File Upload - Contact Form 7' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0595)
1012259 - WordPress 'VR Calendar' Plugin Command Injection Vulnerability (CVE-2022-2314)
1012257 - WordPress 'Watu Quiz' Plugin Cross-Site Scripting Vulnerability (CVE-2023-0968)


Web Server HTTPS
1012241 - Cacti Stored Cross-Site Scripting Vulnerabilities (CVE-2024-43364 and CVE-2024-43365)
1012267 - WordPress 'NotificationX' Plugin SQL Injection Vulnerability (CVE-2022-0349)
1012223 - WordPress Core Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2024-31210)


Windows Server DCERPC
1012246 - Microsoft Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability (CVE-2024-38073)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1002815* - Authentication Module - Unix Pluggable Authentication Module