After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually those of the user used to login into the ftp server (ftp, for example). However, the uid (as opposite to the euid) of the agent will be that of the super user in most cases (usually 0), and by using the setuid module (see setuid module documentation), it can be changed. When an anonymous user is used, or if the server is configured to do this for other users, the deployed agent will be running in a chroot jail. This situation does not prevent the agent to be used, and after setting the user id to that of the super user, the chroot breaker module (see chroot breaker module documentation) can be used to escape the chroot jail.

The internal stack may be overrun while handling either "XMD5", "XSHA1" or "XCRC" commands with an overly long filename. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the WS_FTP process, typically administrator or system. Exploitation requires valid or anonymous FTP server credentials. The WS_FTP server will remain active after a successful exploitation.

This module exploits a vulnerability in W3 Total Cache plugin for Wordpress. Certain macros such as mfunc allow to inject PHP code into comments. By injecting a crafted comment into a valid post an attacker can execute arbitrary PHP code on systems running vulnerable installations of W3 Total Cache.

This module exploits a format string vulnerability in the WireShark PROFINET/DCP (PN-DCP) dissector, sending a specially crafted packet. Failed attacks will likely cause denial-of-service conditions.

A heap-based buffer overflow was found in the DECT dissector of Wireshark. A remote attacker could use this flaw to cause the Wireshark executable to crash or potentially to execute arbitrary code with the privileges of the user running Wireshark.

This module exploits a stack-based buffer overflow in the WireShark LWRES dissector by sending a specially crafted LWRES packet.

Exploits a condition where a remote user can arbitrary control the pointer to the association contained in a "Association Delete Message". This condition is abused to corrupt a function pointer in the application and install an agent. At the same time, another option of the protocol is used to populate the heap with executable code and increase the success possibilities.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing WinGate. The vulnerability is caused due to a boundary error within the handling of POST requests. This may allow execution of arbitrary code by sending an overly long, specially crafted POST request to the proxy server.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing WinComLPD. A remote user can send specially crafted data to TCP port 13500 to trigger a stack overflow and execute arbitrary code on the target system.

An internal memory buffer may be overrun while handling long "SIZE" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the WFTPD Server process. The WFTPD Server server will be left inaccessible after successful exploitation.