Tag

Scripting

5 briefs RSS

XWiki Remote Code Execution via Unprotected Velocity Scripting API

XWiki is vulnerable to remote code execution due to an improperly protected scripting API, allowing users with script rights to bypass the Velocity scripting API sandbox and execute arbitrary code, leading to full instance compromise.

xwiki rce velocity scripting CVE-2026-33229

2r 2t Apr 8, 2026

high advisory

Command and Scripting Interpreter via Windows Scripts

2 rules 1 TTP

This rule detects the execution of PowerShell, PowerShell ISE, or Cmd spawned from Windows Script Host or MSHTA, indicating potential abuse of scripting interpreters to execute malicious commands or scripts on Windows systems.

Microsoft Defender XDR +8 execution scripting windows

2r 1t Nov 14, 2024

medium advisory

Windows Script Execution from Archive File

2 rules 3 TTPs

This rule identifies attempts to execute Jscript/Vbscript files from an archive file, a common delivery method for malicious scripts on Windows systems.

M365 Defender +2 execution windows scripting archive

2r 3t Jan 24, 2024

high advisory

MSBuild Executed by Scripting Host

2 rules 1 TTP

Detects the suspicious spawning of MSBuild.exe by Windows Script Host processes (cscript.exe or wscript.exe), a behavior often associated with malware executing malicious MSBuild processes via scripts.

Splunk Enterprise +2 msbuild scripting defense-evasion endpoint

2r 1t Jan 3, 2024

medium advisory

Execution of a Downloaded Windows Script

3 rules 7 TTPs

This rule identifies the creation and subsequent execution of a Windows script downloaded from the internet, a technique used by adversaries for initial access and execution on Windows systems.

Elastic Defend execution windows scripting threat-detection

3r 7t Jan 3, 2024