35 pages of spelling done

h00die · h00die · commit 0910c482a9a2 · 2017-09-08T22:19:55.000-04:00
diff --git a/modules/exploits/unix/webapp/zpanel_username_exec.rb b/modules/exploits/unix/webapp/zpanel_username_exec.rb
@@ -15,7 +15,7 @@ def initialize(info={})
         This module exploits a vulnerability found in ZPanel's htpasswd module. When
         creating .htaccess using the htpasswd module, the username field can be used to
         inject system commands, which is passed on to a system() function for executing
-        the system's htpasswd's command.
+        the system's htpasswd command.
 
         Please note: In order to use this module, you must have a valid account to login
         to ZPanel.  An account part of any of the default groups should suffice, such as:
diff --git a/modules/exploits/windows/brightstor/mediasrv_sunrpc.rb b/modules/exploits/windows/brightstor/mediasrv_sunrpc.rb
@@ -13,7 +13,7 @@ def initialize(info = {})
       'Name'           => 'CA BrightStor ArcServe Media Service Stack Buffer Overflow',
       'Description'    => %q{
           This exploit targets a stack buffer overflow in the MediaSrv RPC service of CA
-        BrightStor Arcserve. By sending a specially crafted SUNRPC request, an attacker
+        BrightStor ARCserve. By sending a specially crafted SUNRPC request, an attacker
         can overflow a stack buffer and execute arbitrary code.
       },
       'Author'         => [ 'toto' ],
diff --git a/modules/exploits/windows/browser/adobe_flash_regex_value.rb b/modules/exploits/windows/browser/adobe_flash_regex_value.rb
@@ -14,7 +14,7 @@ def initialize(info={})
       'Description'    => %q{
         This module exploits a vulnerability found in the ActiveX component of Adobe
         Flash Player before 11.5.502.149. By supplying a specially crafted swf file
-        with special regex value, it is possible to trigger an memory corruption, which
+        with special regex value, it is possible to trigger a memory corruption, which
         results in remote code execution under the context of the user, as exploited in
         the wild in February 2013. This module has been tested successfully with Adobe
         Flash Player 11.5 before 11.5.502.149 on Windows XP SP3 and Windows 7 SP1 before
diff --git a/modules/exploits/windows/browser/adobe_flash_uncompress_zlib_uninitialized.rb b/modules/exploits/windows/browser/adobe_flash_uncompress_zlib_uninitialized.rb
@@ -12,7 +12,7 @@ def initialize(info={})
     super(update_info(info,
       'Name'                => 'Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory',
       'Description'         => %q{
-        This module exploits an unintialized memory vulnerability in Adobe Flash Player. The
+        This module exploits an uninitialized memory vulnerability in Adobe Flash Player. The
         vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails
         to initialize allocated memory. When using a correct memory layout this vulnerability
         leads to a ByteArray object corruption, which can be abused to access and corrupt memory.
diff --git a/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb b/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb
@@ -24,7 +24,7 @@ def initialize(info = {})
 
         NOTE: This module uses a similar DEP bypass method to that used within the
         adobe_libtiff module. This method is unlikely to work across various
-        Windows versions due a the hardcoded syscall number.
+        Windows versions due a hardcoded syscall number.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
diff --git a/modules/exploits/windows/browser/aim_goaway.rb b/modules/exploits/windows/browser/aim_goaway.rb
@@ -18,7 +18,7 @@ def initialize(info = {})
       'Description'    => %q{
           This module exploits a flaw in the handling of AOL Instant
         Messenger's 'goaway' URI handler.  An attacker can execute
-        arbitrary code by supplying a overly sized buffer as the
+        arbitrary code by supplying an overly sized buffer as the
         'message' parameter.  This issue is known to affect AOL Instant
         Messenger 5.5.
       },
diff --git a/modules/exploits/windows/browser/ask_shortformat.rb b/modules/exploits/windows/browser/ask_shortformat.rb
@@ -14,7 +14,7 @@ def initialize(info = {})
       'Name'           => 'Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow',
       'Description'    => %q{
           This module exploits a stack buffer overflow in Ask.com Toolbar 4.0.2.53.
-        An attacker may be able to excute arbitrary code by sending an overly
+        An attacker may be able to execute arbitrary code by sending an overly
         long string to the "ShortFormat()" method in askbar.dll.
       },
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb b/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb
@@ -13,7 +13,7 @@ def initialize(info = {})
       'Name'           => 'BaoFeng Storm mps.dll ActiveX OnBeforeVideoDownload Buffer Overflow',
       'Description'    => %q{
           This module exploits a buffer overflow in BaoFeng's Storm media Player ActiveX
-        control. Verions of mps.dll including 3.9.4.27 and lower are affected. When passing
+        control. Versions of mps.dll including 3.9.4.27 and lower are affected. When passing
         an overly long string to the method "OnBeforeVideoDownload" an attacker can execute
         arbitrary code.
       },
diff --git a/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb b/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb
@@ -26,7 +26,7 @@ def initialize(info = {})
       'Description'    => %q{
           This module allows remote attackers to place arbitrary files on a users file system
         by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX
-        Control (BIImgFrm.ocx 12.0.0.0).  Code exeuction can be acheived by first uploading the
+        Control (BIImgFrm.ocx 12.0.0.0).  Code execution can be achieved by first uploading the
         payload to the remote machine, and then upload another mof file, which enables Windows
         Management Instrumentation service to execute the binary. Please note that this module
         currently only works for Windows before Vista.  Also, a similar issue is reported in
diff --git a/modules/exploits/windows/browser/communicrypt_mail_activex.rb b/modules/exploits/windows/browser/communicrypt_mail_activex.rb
@@ -14,7 +14,7 @@ def initialize(info = {})
       'Name'           => 'CommuniCrypt Mail 1.16 SMTP ActiveX Stack Buffer Overflow',
       'Description'    => %q{
           This module exploits a stack buffer overflow in the ANSMTP.dll/AOSMTP.dll
-        ActiveX Control provided by CommuniCrypt Mail 1.16.  By sending a overly
+        ActiveX Control provided by CommuniCrypt Mail 1.16.  By sending an overly
         long string to the "AddAttachments()" method, an attacker may be able to
         execute arbitrary code.
       },
diff --git a/modules/exploits/windows/browser/ea_checkrequirements.rb b/modules/exploits/windows/browser/ea_checkrequirements.rb
@@ -13,7 +13,7 @@ def initialize(info = {})
       'Name'           => 'Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow',
       'Description'    => %q{
           This module exploits a stack buffer overflow in Electronic Arts SnoopyCtrl
-        ActiveX Control (NPSnpy.dll 1.1.0.36. When sending a overly long
+        ActiveX Control (NPSnpy.dll 1.1.0.36. When sending an overly long
         string to the CheckRequirements() method, an attacker may be able
         to execute arbitrary code.
       },
diff --git a/modules/exploits/windows/browser/honeywell_tema_exec.rb b/modules/exploits/windows/browser/honeywell_tema_exec.rb
@@ -13,11 +13,11 @@ def initialize(info={})
     super(update_info(info,
       'Name'           => "Honeywell Tema Remote Installer ActiveX Remote Code Execution",
       'Description'    => %q{
-          This modules exploits a vulnerability found in the Honewell Tema ActiveX Remote
+          This module exploits a vulnerability found in the Honewell Tema ActiveX Remote
         Installer.  This ActiveX control can be abused by using the DownloadFromURL()
         function to install an arbitrary MSI from a remote location without checking source
         authenticity or user notification. This module has been tested successfully with
-        the Remote Installer ActiveX installed with HoneyWell EBI R410.1 - TEMA 5.3.0 and
+        the Remote Installer ActiveX installed with Honeywell EBI R410.1 - TEMA 5.3.0 and
         Internet Explorer 6, 7 and 8 on Windows XP SP3.
       },
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb
@@ -30,8 +30,8 @@ def initialize(info={})
 
         The vulnerability is found in the "RunAndUploadFile" method
         where the "OtherFields" parameter with user controlled data
-        is used to build a "Content-Dispoition" header and attach
-        contents in a insecure way which allows to overflow a buffer
+        is used to build a "Content-Disposition" header and attach
+        contents in an insecure way which allows to overflow a buffer
         in the stack.
       },
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb
@@ -13,7 +13,7 @@ def initialize(info = {})
       'Name'           => 'Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control',
       'Description'    => %q{
           This module exploits a stack based buffer overflow in the Active control file
-        ImageViewer2.OCX by passing a overly long argument to an insecure TifMergeMultiFiles()
+        ImageViewer2.OCX by passing an overly long argument to an insecure TifMergeMultiFiles()
         method. Exploitation results in code execution with the privileges of the user who
         browsed to the exploit page.
 
diff --git a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb
@@ -27,9 +27,9 @@ def initialize(info={})
       'Name'           => "InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow",
       'Description'    => %q{
         This module exploits a heap overflow found in InduSoft Web Studio <= 61.6.00.00
-        SP6. The overflow exists in the ISSymbol.ocx,  and can be triggered with a long
+        SP6. The overflow exists in the ISSymbol.ocx, and can be triggered with a long
         string argument for the InternationalSeparator() method of the ISSymbol control.
-        This modules uses the msvcr71.dll form the Java JRE6 to bypass ASLR.
+        This module uses the msvcr71.dll form the Java JRE6 to bypass ASLR.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
diff --git a/modules/exploits/windows/browser/intrust_annotatex_add.rb b/modules/exploits/windows/browser/intrust_annotatex_add.rb
@@ -13,7 +13,7 @@ def initialize(info = {})
       'Name'           => 'Quest InTrust Annotation Objects Uninitialized Pointer',
       'Description'    => %q{
           This module exploits an uninitialized variable vulnerability in the
-        Annotation Objects ActiveX component. The activeX component loads into memory without
+        Annotation Objects ActiveX component. The ActiveX component loads into memory without
         opting into ALSR so this module exploits the vulnerability against windows Vista and
         Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX
         points to part of the ROP chain in a heap chunk and the calculated call will hit the
diff --git a/modules/exploits/windows/browser/java_ws_double_quote.rb b/modules/exploits/windows/browser/java_ws_double_quote.rb
@@ -17,7 +17,7 @@ def initialize(info = {})
       'Name'           => 'Sun Java Web Start Double Quote Injection',
       'Description'    => %q{
           This module exploits a flaw in the Web Start component of the Sun Java
-        Runtime Environment. Parameters intial-heap-size and max-heap-size in a JNLP
+        Runtime Environment. Parameters initial-heap-size and max-heap-size in a JNLP
         file can contain a double quote which is not properly sanitized when creating
         the command line for javaw.exe. This allows the injection of the -XXaltjvm
         option to load a jvm.dll from a remote UNC path into the java process. Thus
diff --git a/modules/exploits/windows/browser/java_ws_vmargs.rb b/modules/exploits/windows/browser/java_ws_vmargs.rb
@@ -25,7 +25,7 @@ def initialize(info = {})
         allows an attacker to execute arbitrary code in the context of an unsuspecting
         browser user.
 
-        In order for this module to work, it must be ran as root on a server that
+        In order for this module to work, it must be run as root on a server that
         does not serve SMB. Additionally, the target host must have the WebClient
         service (WebDAV Mini-Redirector) enabled.
       },
diff --git a/modules/exploits/windows/browser/kazaa_altnet_heap.rb b/modules/exploits/windows/browser/kazaa_altnet_heap.rb
@@ -14,7 +14,7 @@ def initialize(info = {})
       'Description'    => %q{
           This module exploits a stack buffer overflow in the Altnet Download Manager ActiveX
         Control (amd4.dll) bundled with Kazaa Media Desktop 3.2.7.
-        By sending a overly long string to the "Install()" method, an attacker may be
+        By sending an overly long string to the "Install()" method, an attacker may be
         able to execute arbitrary code.
       },
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/windows/browser/logitechvideocall_start.rb b/modules/exploits/windows/browser/logitechvideocall_start.rb
@@ -13,7 +13,7 @@ def initialize(info = {})
       'Name'           => 'Logitech VideoCall ActiveX Control Buffer Overflow',
       'Description'    => %q{
           This module exploits a stack buffer overflow in the Logitech VideoCall ActiveX
-        Control (wcamxmp.dll 2.0.3470.448). By sending a overly long string to the
+        Control (wcamxmp.dll 2.0.3470.448). By sending an overly long string to the
         "Start()" method, an attacker may be able to execute arbitrary code.
       },
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/windows/browser/macrovision_unsafe.rb b/modules/exploits/windows/browser/macrovision_unsafe.rb
@@ -13,7 +13,7 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'Macrovision InstallShield Update Service ActiveX Unsafe Method',
       'Description'    => %q{
-        This module allows attackers to execute code via an unsafe methods in Macrovision InstallShield 2008.
+        This module allows attackers to execute code via an unsafe method in Macrovision InstallShield 2008.
       },
       'License'        => MSF_LICENSE,
       'Author'         => [ 'MC' ],
diff --git a/modules/exploits/windows/browser/mcafee_mvt_exec.rb b/modules/exploits/windows/browser/mcafee_mvt_exec.rb
@@ -13,7 +13,7 @@ def initialize(info={})
     super(update_info(info,
       'Name'           => "McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability",
       'Description'    => %q{
-          This modules exploits a vulnerability found in McAfee Virtual Technician's
+          This module exploits a vulnerability found in McAfee Virtual Technician's
         MVTControl.  This ActiveX control can be abused by using the GetObject() function
         to load additional unsafe classes such as WScript.Shell, therefore allowing remote
         code execution under the context of the user.
diff --git a/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb b/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb
@@ -13,7 +13,7 @@ def initialize(info = {})
       'Name'           => 'McAfee Visual Trace ActiveX Control Buffer Overflow',
       'Description'    => %q{
           This module exploits a stack buffer overflow in the McAfee Visual Trace 3.25 ActiveX
-        Control (NeoTraceExplorer.dll 1.0.0.1). By sending a overly long string to the
+        Control (NeoTraceExplorer.dll 1.0.0.1). By sending an overly long string to the
         "TraceTarget()" method, an attacker may be able to execute arbitrary code.
       },
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/windows/browser/mozilla_firefox_onreadystatechange.rb b/modules/exploits/windows/browser/mozilla_firefox_onreadystatechange.rb
@@ -13,8 +13,8 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'Firefox onreadystatechange Event DocumentViewerImpl Use After Free',
       'Description'    => %q{
-        This module exploits a vulnerability found on Firefox 17.0.6, specifically an use
-        after free of a DocumentViewerImpl object, triggered via an specially crafted web
+        This module exploits a vulnerability found on Firefox 17.0.6, specifically a use
+        after free of a DocumentViewerImpl object, triggered via a specially crafted web
         page using onreadystatechange events and the window.stop() API, as exploited in the
         wild on 2013 August to target Tor Browser users.
       },
diff --git a/modules/exploits/windows/browser/mozilla_mchannel.rb b/modules/exploits/windows/browser/mozilla_mchannel.rb
@@ -21,7 +21,7 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'Mozilla Firefox 3.6.16 mChannel Use-After-Free Vulnerability',
       'Description'    => %q{
-          This module exploits an use after free vulnerability in Mozilla
+          This module exploits a use after free vulnerability in Mozilla
         Firefox 3.6.16. An OBJECT Element mChannel can be freed via the
         OnChannelRedirect method of the nsIChannelEventSink Interface. mChannel
         becomes a dangling pointer and can be reused when setting the OBJECTs
diff --git a/modules/exploits/windows/browser/mozilla_reduceright.rb b/modules/exploits/windows/browser/mozilla_reduceright.rb
@@ -14,7 +14,7 @@ def initialize(info={})
       'Description'    => %q{
           This module exploits a vulnerability found in Mozilla Firefox 3.6. When an
         array object is configured with a large length value, the reduceRight() method
-        may cause an invalid index being used, allowing abitrary remote code execution.
+        may cause an invalid index being used, allowing arbitrary remote code execution.
         Please note that the exploit requires a longer amount of time (compare to a
         typical browser exploit) in order to gain control of the machine.
       },
