Tag
Unusual Command Execution from Web Server Parent Process on Linux
2 rules 3 TTPsThis rule detects potential command execution from a web server parent process on a Linux host, indicating a possible web shell attack where adversaries exploit web server vulnerabilities to execute arbitrary commands.
Cisco Privileged Account Creation Followed by HTTP Command Execution
1 rule 3 TTPsAttackers create privileged accounts on Cisco IOS devices and then execute commands remotely via HTTP to gain privileged access.
CVE-2026-47114 - IINA Command Execution Vulnerability via Custom URL Scheme
2 rules 1 TTP 1 CVEIINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler.
CVE-2026-32643: F5 BIG-IP and BIG-IQ Authenticated Command Execution
2 rules 1 TTP 1 CVECVE-2026-32643 describes a vulnerability in F5 BIG-IP and BIG-IQ systems that allows a highly privileged, authenticated attacker with the Certificate Manager role to modify configuration objects, leading to arbitrary command execution.
CyberPanel 2.1 Authenticated Remote Command Execution via Symlink Exploitation (CVE-2021-47949)
2 rules 1 TTP 1 CVECyberPanel version 2.1 is vulnerable to command execution (CVE-2021-47949) where an authenticated attacker can exploit symlink attacks via the filemanager controller endpoint by manipulating the completeStartingPath parameter in POST requests, leading to sensitive file access and arbitrary shell command execution.
JupyterLab Command Execution via Crafted HTML Content
2 rules 1 TTPJupyterLab's HTML sanitizer allows execution of arbitrary commands via specially crafted HTML content in notebooks or Markdown files due to improper handling of `data-commandlinker-command` and `data-commandlinker-args` attributes.
Cisco IoT Field Network Director Multiple Vulnerabilities
3 rules 4 TTPsMultiple vulnerabilities in Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute commands, and cause denial-of-service (DoS) conditions on managed routers.
IBM Langflow Desktop Vulnerable to Remote Command Execution (CVE-2026-6543)
3 rules 1 TTP 1 CVEIBM Langflow Desktop versions 1.0.0 through 1.8.4 are vulnerable to remote command execution, allowing an attacker to execute arbitrary commands with the privileges of the Langflow process, potentially leading to sensitive data exposure and lateral movement.
Rclone Unauthenticated options/set Allows Runtime Auth Bypass
2 rules 3 TTPsRclone is vulnerable to an unauthenticated options/set vulnerability that allows runtime authentication bypass, potentially leading to sensitive operations and command execution by setting `rc.NoAuth=true` on reachable RC servers started without global HTTP authentication.
Windows Shell Execution from IIS Installation Directory
2 rules 2 TTPsDetection of command-line tools executing from the IIS installation directory on Windows systems, potentially indicating exploitation of IIS-reliant software like Microsoft Exchange.
Potential Command Shell via NetCat Execution
2 rules 3 TTPsThe rule identifies potential attempts to execute a reverse shell using the netcat utility to execute Windows commands via Cmd.exe or Powershell.