Land rapid7#5312, @todb-r7's release fixes

Author: wvu

modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb

@@ -16,13 +16,13 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service',
       'Description'    => %q{
-        This module will check if your hosts are vulnerable to CVE-2015-1635 (MS15-034). A
-        vulnerability in the HTTP Protocol stack (HTTP.sys) that could result in arbitrary code
+        This module will check if scanned hosts are vulnerable to CVE-2015-1635 (MS15-034), a
+        vulnerability in the HTTP protocol stack (HTTP.sys) that could result in arbitrary code
         execution. This module will try to cause a denial-of-service.
 
-        Please note that you must supply a valid file resource for the TARGETURI option.
-        By default, IIS may come with these settings that you could try: iisstart.htm,
-        welcome.png, iis-85.png, etc.
+        Please note that a valid file resource must be supplied for the TARGETURI option.
+        By default, IIS provides 'welcome.png' and 'iis-85.png' as resources.
+        Others may also exist, depending on configuration options.
       },
       'Author'         =>
         [

modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb

@@ -15,7 +15,7 @@ def initialize(info={})
     super(update_info(info,
       'Name'        => 'Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft',
       'Description' => %q{
-        A vulnerability exists in versions of OSX/iOS/Windows Safari released
+        A vulnerability exists in versions of OSX, iOS, and Windows Safari released
         before April 8, 2015 that allows the non-HTTPOnly cookies of any
         domain to be stolen.
       },

modules/auxiliary/gather/java_rmi_registry.rb

@@ -16,7 +16,7 @@ def initialize
       'Name'        => 'Java RMI Registry Interfaces Enumeration',
       'Description'    => %q{
         This module gathers information from an RMI endpoint running an RMI registry
-        interface. It enumerates the names bound into a registry and lookups each
+        interface. It enumerates the names bound in a registry and looks up each
         remote reference.
       },
       'Author'      => ['juan vazquez'],

modules/auxiliary/gather/ssllabs_scan.rb

@@ -404,7 +404,8 @@ def initialize(info = {})
     super(update_info(info,
         'Name'          => 'SSL Labs API Client',
         'Description'   => %q{
-          This module is a simple client for the SSL Labs APIs, designed for SSL/TLS assessment during a penetration testing.
+          This module is a simple client for the SSL Labs APIs, designed for
+          SSL/TLS assessment during a penetration test.
         },
         'License'       => MSF_LICENSE,
         'Author'         =>

modules/auxiliary/scanner/http/goahead_traversal.rb

@@ -13,10 +13,11 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-                      'Name'           => 'Embedthis GoAhead Embedded Web Server Directory Traversal',
+      'Name'           => 'Embedthis GoAhead Embedded Web Server Directory Traversal',
       'Description'    => %q{
-        This module exploits a directory traversal vulnerability in the Embedthis GoAhead Web Server v3.4.1,
-        allowing to read arbitrary files with the web server privileges.
+        This module exploits a directory traversal vulnerability in the Embedthis
+        GoAhead Web Server v3.4.1, allowing an attacker to read arbitrary files
+        with the web server privileges.
       },
       'References'     =>
         [

modules/auxiliary/scanner/http/owa_iis_internal_ip.rb

@@ -14,7 +14,8 @@ def initialize
     super(
       'Name'           => 'Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure',
       'Description'    => %q{
-        This module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.
+        This module tests vulnerable IIS HTTP header file paths on Microsoft
+        Exchange OWA 2003 and CAS 2007, 2010, and 2013 servers.
       },
       'Author'         =>
         [

modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb

@@ -17,7 +17,7 @@ def initialize(info = {})
       'Description'    => %q{
         This module exploits a directory traversal vulnerability in WordPress Plugin
         "WP Mobile Edition" version 2.2.7, allowing to read arbitrary files with the
-        web server privileges. Stay tuned to the correct value in TARGETURI.
+        web server privileges.
       },
       'References'     =>
         [

modules/exploits/linux/http/multi_ncc_ping_exec.rb

@@ -19,7 +19,7 @@ def initialize(info = {})
       'Description'    => %q{
         This module exploits a remote command injection vulnerability on several routers. The
         vulnerability exists in the ncc service, while handling ping commands. This module has
-        been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices
+        been tested on a DIR-626L emulated environment. Several D-Link and TRENDnet devices
         are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L
         (Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link
         DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A)

modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb

@@ -17,9 +17,9 @@ def initialize(info = {})
       'Name'           => 'Wordpress SlideShow Gallery Authenticated File Upload',
       'Description'    => %q{
           The Wordpress SlideShow Gallery plugin contains an authenticated file upload
-          vulnerability. We can upload arbitrary files to the upload folder, because
-          the plugin also uses it's own file upload mechanism instead of the wordpress
-          api it's possible to upload any file type.
+          vulnerability. An attacker can upload arbitrary files to the upload folder.
+          Since the plugin uses its own file upload mechanism instead of the WordPress
+          API, it's possible to upload any file type.
       },
       'Author'         =>
         [

modules/exploits/windows/local/run_as.rb

@@ -35,7 +35,7 @@ def initialize(info = {})
         [
           [ 'URL', 'https://msdn.microsoft.com/en-us/library/windows/desktop/ms682431' ]
         ],
-      'DisclosureDate' => 'Jan 01 1999' # Not valid but required by msftidy
+      'DisclosureDate' => 'Jan 01 1999' # Same as psexec -- a placeholder date for non-vuln 'exploits'
     ))
 
     register_options(