Tag

Web Server

4 briefs RSS

Unusual Process Spawned from Web Server Parent

This rule detects unusual processes spawned from a web server parent process on Linux systems, potentially indicating an attacker attempting to establish persistence, execute malicious commands, or establish command and control channels.

Elastic Defend persistence execution command and control web server linux

2r 2t 2w ago

high advisory

FrankenPHP Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

2 rules 1 TTP 1 CVE

Two distinct flaws in the `splitPos()` function in `cgi.go` allows an attacker to mislead FrankenPHP into treating a non-`.php` file as a `.php` script, leading to remote code execution where the attacker can control file content.

frankenphp unicode remote code execution web server

2r 1t 1c May 15, 2026

critical advisory

HiSecOS Web Server Privilege Escalation Vulnerability (CVE-2023-7342)

2 rules 1 TTP 1 CVE

CVE-2023-7342 allows authenticated users with operator or auditor roles in HiSecOS web server to escalate privileges to administrator by sending specially crafted packets, potentially granting full administrative access.

privilege-escalation web-server hisecos

2r 1t 1c Apr 2, 2026

medium advisory

phpMyFAQ Unauthenticated FAQ Permission Bypass via Solution ID Enumeration

2 rules 1 TTP

phpMyFAQ version 4.1.1 and earlier is vulnerable to an unauthenticated FAQ permission bypass, allowing attackers to enumerate solution IDs and discover restricted FAQ titles due to missing permission filters in key functions.

phpmyfaq unauthenticated access information disclosure web server

2r 1t Jan 3, 2024