#auth

The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.

When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.

### Impact `next-auth` applications prior to version **4.24.5** that rely on the default [Middleware authorization](https://next-auth.js.org/configuration/nextjs#middleware) are affected. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the `next-auth.session-token` cookie value with this non-related JWT would let the user simulate a logged in user, albeit having no user information associated with it. (The only property on this user is an opaque randomly generated string). This vulnerability does **not** give access to other users' data, neither to resources that require proper authorization via scopes or other means. The created mock user has no information associated with it (ie. no name, email, access_token, etc.) This vulnerability can be exploited by bad actors to peek at logged in user states (e.g. dashboard layout). _Note: Regardless of the vulnerabil...

Ransomware group Scattered Spider aka Octo Tempest are masters at social engineering tactics like SIM swapping.

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.

The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability.

The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.

The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.