VAPT-Task-3-PTES

VAPT Task-3 – Advanced Exploitation & PTES Report 👤 Author...

Oracle Linux 8 : glibc (ELSA-2025-28054)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28054 advisory. - CVE-2025-8058: Double free in regcomp RHEL-105326 - CVE-2025-4802: static setuid dlopen may search LDLIBRARYPATH RHEL-92685 Tenable has extracted the precedi...

CVE-2025-57489

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...

EUVD-2025-200027

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...

CVE-2025-57489

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...

CVE-2025-57489

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...

CVE-2025-57489

Technical details for CVE-2025-57489 are not publicly available in the provided connected documents. Monitor for updates.

CVE-2025-57489

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...

CVE-2025-57489

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...

PT-2025-48483

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...

OESA-2025-2755 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

TencentOS Server 4: screen (TSSA-2025:0404)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0404 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

GHSA-3G2J-VM47-X4MJ LXD vulnerable to a local privilege escalation through custom storage volumes

Impact This affects any LXD user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would be...

EUVD-2025-50816

Incus vulnerable to local privilege escalation through custom storage volumes...

Incus vulnerable to local privilege escalation through custom storage volumes

Impact This affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would ...

SUSE CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

CVE-2025-64507

An issue in Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would be systems...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management due to the process handling custom storage volumes with the security.shifted property set to true. An attacker can gain elevated privileges on the host system by creating a custom storage volume, writing a...

CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

UBUNTU-CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...