Product

Nginx

4 briefs RSS

Suspicious Command Execution via Web Server on Linux

Identifies suspicious command executions via a web server on Linux systems, which may suggest a vulnerability and remote shell access.

Elastic Defend +43 persistence initial-access vulnerability linux

2r 3t 2w ago

low advisory

Unusual Command Execution from Web Server Parent Process on Linux

2 rules 3 TTPs

This rule detects potential command execution from a web server parent process on a Linux host, indicating a possible web shell attack where adversaries exploit web server vulnerabilities to execute arbitrary commands.

Elastic Defend +2 web-shell command-execution persistence linux

2r 3t 2w ago

high advisory

SPIP RCE Vulnerability in Nginx Configurations (CVE-2026-8430)

2 rules 1 TTP 1 CVE

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability exploitable in certain Nginx configurations, allowing attackers to execute arbitrary code within the web server's context.

SPIP +1 vulnerability rce webserver

2r 1t 1c May 12, 2026

medium advisory

AzuraCast Account Takeover via X-Forwarded-Host Poisoning

2 rules 3 TTPs 2 IOCs

AzuraCast is vulnerable to password reset poisoning due to unconditionally trusting the X-Forwarded-Host header, allowing an attacker to inject a malicious host into the password reset URL, exfiltrate the reset token, reset the victim's password, and disable 2FA, leading to account takeover.

azuracast +2 account takeover x-forwarded-host password reset poisoning

2r 3t 2i Jan 3, 2024