Fix first chunk of msftidy "bad char" errors

wvu · wvu · commit 170608e97b2b · 2014-03-11T11:18:54.000-05:00
There needs to be a better way to go about preventing/fixing these.
diff --git a/modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb b/modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb
@@ -13,7 +13,7 @@ class Metasploit4 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'         => 'Cisco Secure ACS Version < 5.1.0.44.5 or 5.2.0.26.2 Unauthorized Password Change',
+      'Name'         => 'Cisco Secure ACS Unauthorized Password Change',
       'Description'  => %q{
         This module exploits an authentication bypass issue which allows arbitrary
         password change requests to be issued for any user in the local store.
diff --git a/modules/auxiliary/dos/http/apache_mod_isapi.rb b/modules/auxiliary/dos/http/apache_mod_isapi.rb
@@ -12,25 +12,28 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Apache mod_isapi <= 2.2.14 Dangling Pointer',
+      'Name'           => 'Apache mod_isapi Dangling Pointer',
       'Description'    => %q{
-          This module triggers a use-after-free vulnerability in the Apache Software
-        Foundation mod_isapi extension. In order to reach the vulnerable code, the
-        target server must have an ISAPI module installed and configured.
+        This module triggers a use-after-free vulnerability in the Apache
+        Software Foundation mod_isapi extension for versions 2.2.14 and earlier.
+        In order to reach the vulnerable code, the target server must have an
+        ISAPI module installed and configured.
 
-        By making a request that terminates abnormally (either an aborted TCP connection or
-        an unsatisfied chunked request), mod_isapi will unload the ISAPI extension. Later,
-        if another request comes for that ISAPI module, previously obtained pointers will
-        be used resulting in an access violation or potentially arbitrary code execution.
+        By making a request that terminates abnormally (either an aborted TCP
+        connection or an unsatisfied chunked request), mod_isapi will unload the
+        ISAPI extension. Later, if another request comes for that ISAPI module,
+        previously obtained pointers will be used resulting in an access
+        violation or potentially arbitrary code execution.
 
-        Although arbitrary code execution is theoretically possible, a real-world method of
-        invoking this consequence has not been proven. In order to do so, one would need to
-        find a situation where a particular ISAPI module loads at an image base address
-        that can be re-allocated by a remote attacker.
+        Although arbitrary code execution is theoretically possible, a
+        real-world method of invoking this consequence has not been proven. In
+        order to do so, one would need to find a situation where a particular
+        ISAPI module loads at an image base address that can be re-allocated by
+        a remote attacker.
 
-        Limited success was encountered using two separate ISAPI modules. In this scenario,
-        a second ISAPI module was loaded into the same memory area as the previously
-        unloaded module.
+        Limited success was encountered using two separate ISAPI modules. In
+        this scenario, a second ISAPI module was loaded into the same memory
+        area as the previously unloaded module.
       },
       'Author'         =>
         [
diff --git a/modules/auxiliary/dos/mdns/avahi_portzero.rb b/modules/auxiliary/dos/mdns/avahi_portzero.rb
@@ -12,10 +12,10 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize
     super(
-      'Name'        => 'Avahi < 0.6.24 Source Port 0 DoS',
+      'Name'        => 'Avahi Source Port 0 DoS',
       'Description' => %q{
         Avahi-daemon versions prior to 0.6.24 can be DoS'd
-        with an mDNS packet with a source port of 0
+        with an mDNS packet with a source port of 0.
       },
       'Author'      => 'kris katterjohn',
       'License'     => MSF_LICENSE,
diff --git a/modules/auxiliary/dos/smtp/sendmail_prescan.rb b/modules/auxiliary/dos/smtp/sendmail_prescan.rb
@@ -13,7 +13,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Sendmail SMTP Address prescan <= 8.12.8 Memory Corruption',
+      'Name'           => 'Sendmail SMTP Address prescan Memory Corruption',
       'Description'    => %q{
         This is a proof of concept denial of service module for Sendmail versions
         8.12.8 and earlier. The vulnerability is within the prescan() method when
diff --git a/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb b/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'		=> 'OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS',
+      'Name'		=> 'OpenSSL DTLS ChangeCipherSpec Remote DoS',
       'Description'	=> %q{
           This module performs a Denial of Service Attack against Datagram TLS in OpenSSL
         version 0.9.8i and earlier. OpenSSL crashes under these versions when it recieves a
diff --git a/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb b/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb
@@ -13,7 +13,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'		=> 'FileZilla FTP Server <=0.9.21 Malformed PORT Denial of Service',
+      'Name'		=> 'FileZilla FTP Server Malformed PORT Denial of Service',
       'Description'	=> %q{
         This module triggers a Denial of Service condition in the FileZilla FTP
         Server versions 0.9.21 and earlier. By sending a malformed PORT command
diff --git a/modules/auxiliary/dos/windows/ftp/iis_list_exhaustion.rb b/modules/auxiliary/dos/windows/ftp/iis_list_exhaustion.rb
@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion',
+      'Name'           => 'Microsoft IIS FTP Server LIST Stack Exhaustion',
       'Description'    => %q{
           This module triggers Denial of Service condition in the Microsoft Internet
         Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command
diff --git a/modules/auxiliary/dos/windows/ftp/solarftp_user.rb b/modules/auxiliary/dos/windows/ftp/solarftp_user.rb
@@ -12,11 +12,12 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => 'Solar FTP Server <= 2.1.1 Malformed (User) Denial of Service',
+      'Name'           => 'Solar FTP Server Malformed USER Denial of Service',
       'Description'    => %q{
-        This module will send a format string as USER to Solar FTP, causing a READ
-        violation in function "__output_1()" found in "sfsservice.exe" while trying to
-        calculate the length of the string.
+        This module will send a format string as USER to Solar FTP, causing a
+        READ violation in function "__output_1()" found in "sfsservice.exe"
+        while trying to calculate the length of the string. This vulnerability
+        affects versions 2.1.1 and earlier.
       },
       'Author'         =>
       [
diff --git a/modules/auxiliary/dos/windows/http/pi3web_isapi.rb b/modules/auxiliary/dos/windows/http/pi3web_isapi.rb
@@ -12,12 +12,12 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Pi3Web <=2.0.13 ISAPI DoS',
+      'Name'           => 'Pi3Web ISAPI DoS',
       'Description'    => %q{
-        The Pi3Web HTTP server crashes when a request is made
-        for an invalid DLL file in /isapi.  By default, the
-        non-DLLs in this directory after installation are
-        users.txt, install.daf and readme.daf.
+        The Pi3Web HTTP server crashes when a request is made for an invalid DLL
+        file in /isapi for versions 2.0.13 and earlier. By default, the non-DLLs
+        in this directory after installation are users.txt, install.daf and
+        readme.daf.
       },
       'Author'         => 'kris katterjohn',
       'License'        => MSF_LICENSE,
diff --git a/modules/auxiliary/gather/eaton_nsm_creds.rb b/modules/auxiliary/gather/eaton_nsm_creds.rb
@@ -12,12 +12,14 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Network Shutdown Module <= 3.21 (sort_values) Credential Dumper',
+      'Name'           => 'Network Shutdown Module sort_values Credential Dumper',
       'Description'    => %q{
-        This module will extract user credentials from Network Shutdown Module by exploiting
-        a vulnerability found in lib/dbtools.inc, which uses unsanitized user input inside a
-        eval() call.  Please note that in order to extract credentials,the vulnerable service
-        must have at least one USV module (an entry in the "nodes" table in mgedb.db)
+        This module will extract user credentials from Network Shutdown Module
+        versions 3.21 and earlier by exploiting a vulnerability found in
+        lib/dbtools.inc, which uses unsanitized user input inside a eval() call.
+        Please note that in order to extract credentials,the vulnerable service
+        must have at least one USV module (an entry in the "nodes" table in
+        mgedb.db).
       },
       'References'     =>
         [
diff --git a/modules/auxiliary/scanner/http/dolibarr_login.rb b/modules/auxiliary/scanner/http/dolibarr_login.rb
@@ -13,7 +13,7 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Dolibarr ERP & CRM 3 Login Utility',
+      'Name'           => 'Dolibarr ERP/CRM Login Utility',
       'Description'    => %q{
         This module attempts to authenticate to a Dolibarr ERP/CRM's admin web interface,
         and should only work against version 3.1.1 or older, because these versions do not
diff --git a/modules/exploits/freebsd/tacacs/xtacacsd_report.rb b/modules/exploits/freebsd/tacacs/xtacacsd_report.rb
@@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'XTACACSD <= 4.1.2 report() Buffer Overflow',
+      'Name'           => 'XTACACSD report() Buffer Overflow',
       'Description'    => %q{
           This module exploits a stack buffer overflow in XTACACSD <= 4.1.2. By
         sending a specially crafted XTACACS packet with an overly long
diff --git a/modules/exploits/linux/http/dolibarr_cmd_exec.rb b/modules/exploits/linux/http/dolibarr_cmd_exec.rb
@@ -12,9 +12,9 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => "Dolibarr ERP & CRM 3 Post-Auth OS Command Injection",
+      'Name'           => "Dolibarr ERP/CRM Post-Auth OS Command Injection",
       'Description'    => %q{
-          This module exploits a vulnerability found in Dolibarr ERP/CRM's
+          This module exploits a vulnerability found in Dolibarr ERP/CRM 3's
         backup feature.  This software is used to manage a company's business
         information such as contacts, invoices, orders, stocks, agenda, etc.
         When processing a database backup request, the export.php function
diff --git a/modules/exploits/linux/http/peercast_url.rb b/modules/exploits/linux/http/peercast_url.rb
@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'PeerCast <= 0.1216 URL Handling Buffer Overflow (linux)',
+      'Name'           => 'PeerCast URL Handling Buffer Overflow',
       'Description'    => %q{
           This module exploits a stack buffer overflow in PeerCast <= v0.1216.
         The vulnerability is caused due to a boundary error within the
diff --git a/modules/exploits/multi/browser/mozilla_compareto.rb b/modules/exploits/multi/browser/mozilla_compareto.rb
@@ -28,7 +28,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Mozilla Suite/Firefox InstallVersion->compareTo() Code Execution',
+      'Name'           => 'Mozilla Suite/Firefox compareTo() Code Execution',
       'Description'    => %q{
           This module exploits a code execution vulnerability in the Mozilla
         Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit
diff --git a/modules/exploits/multi/fileformat/peazip_command_injection.rb b/modules/exploits/multi/fileformat/peazip_command_injection.rb
@@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'PeaZip <= 2.6.1 Zip Processing Command Injection',
+      'Name'           => 'PeaZip Zip Processing Command Injection',
       'Description'    => %q{
           This module exploits a command injection vulnerability in PeaZip. All
         versions prior to 2.6.2 are suspected vulnerable. Testing was conducted with
diff --git a/modules/exploits/multi/http/activecollab_chat.rb b/modules/exploits/multi/http/activecollab_chat.rb
@@ -12,11 +12,12 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => 'Active Collab "chat module" <= 2.3.8 Remote PHP Code Injection Exploit',
+      'Name'           => 'Active Collab "chat module" Remote PHP Code Injection Exploit',
       'Description'    => %q{
-        This module exploits an arbitrary code injection vulnerability in the chat module
-        that is part of Active Collab by abusing a preg_replace() using the /e modifier and
-        its replacement string using double quotes. The vulnerable function can be found in
+        This module exploits an arbitrary code injection vulnerability in the
+        chat module that is part of Active Collab versions 2.3.8 and earlier by
+        abusing a preg_replace() using the /e modifier and its replacement
+        string using double quotes. The vulnerable function can be found in
         activecollab/application/modules/chat/functions/html_to_text.php.
       },
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/multi/http/phpldapadmin_query_engine.rb b/modules/exploits/multi/http/phpldapadmin_query_engine.rb
@@ -12,12 +12,13 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection',
+      'Name'           => 'phpLDAPadmin query_engine Remote PHP Code Injection',
       'Description'    => %q{
-          This module exploits a vulnerability in the lib/functions.php that allows
-        attackers input parsed directly to the create_function() php function. A patch was
-        issued that uses a whitelist regex expression to check the user supplied input
-        before being parsed to the create_function() call.
+        This module exploits a vulnerability in the lib/functions.php for
+        phpLDAPadmin versions 1.2.1.1 and earlier that allows attackers input
+        parsed directly to the create_function() php function. A patch was
+        issued that uses a whitelist regex expression to check the user supplied
+        input before being parsed to the create_function() call.
       },
       'Author'         =>
         [
diff --git a/modules/exploits/multi/http/pmwiki_pagelist.rb b/modules/exploits/multi/http/pmwiki_pagelist.rb
@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => 'PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit',
+      'Name'           => 'PmWiki pagelist.php Remote PHP Code Injection Exploit',
       'Description'    => %q{
         This module exploits an arbitrary command execution vulnerability
         in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is
diff --git a/modules/exploits/multi/http/sit_file_upload.rb b/modules/exploits/multi/http/sit_file_upload.rb
@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Support Incident Tracker <= 3.65 Remote Command Execution',
+      'Name'           => 'Support Incident Tracker Remote Command Execution',
       'Description'    => %q{
           This module combines two separate issues within Support Incident Tracker (<= 3.65)
         application to upload arbitrary data and thus execute a shell. The two issues exist
diff --git a/modules/exploits/multi/http/spree_searchlogic_exec.rb b/modules/exploits/multi/http/spree_searchlogic_exec.rb
@@ -14,11 +14,12 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Spreecommerce < 0.50.0 Arbitrary Command Execution',
+      'Name'           => 'Spreecommerce Arbitrary Command Execution',
       'Description'    => %q{
-          This module exploits an arbitrary command execution vulnerability in the
-          Spreecommerce API searchlogic. Unvalidated input is called via the
-          Ruby send method allowing command execution.
+          This module exploits an arbitrary command execution vulnerability in
+          the Spreecommerce API searchlogic for versions 0.50.0 and earlier.
+          Unvalidated input is called via the Ruby send method allowing command
+          execution.
       },
       'Author'         => [ 'joernchen <joernchen[at]phenoelit.de>' ], #Phenoelit
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/multi/http/struts_code_exec.rb b/modules/exploits/multi/http/struts_code_exec.rb
@@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Apache Struts < 2.2.0 Remote Command Execution',
+      'Name'           => 'Apache Struts Remote Command Execution',
       'Description'    => %q{
           This module exploits a remote command execution vulnerability in
         Apache Struts versions < 2.2.0. This issue is caused by a failure to properly
diff --git a/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb b/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb
@@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Apache Struts <= 2.2.1.1 Remote Command Execution',
+      'Name'           => 'Apache Struts Remote Command Execution',
       'Description'    => %q{
           This module exploits a remote command execution vulnerability in
         Apache Struts versions < 2.2.1.1. This issue is caused because the
diff --git a/modules/exploits/multi/http/vbseo_proc_deutf.rb b/modules/exploits/multi/http/vbseo_proc_deutf.rb
@@ -12,13 +12,14 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection',
+      'Name'           => 'vBSEO proc_deutf() Remote PHP Code Injection',
       'Description'    => %q{
-          This module exploits a vulnerability in the 'proc_deutf()' function
-        defined in /includes/functions_vbseocp_abstract.php. User input passed through
-        'char_repl' POST parameter isn't properly sanitized before being used in a call
-        to preg_replace() function which uses the 'e' modifier. This can be exploited to
-        inject and execute arbitrary code leveraging the PHP's complex curly syntax.
+        This module exploits a vulnerability in the 'proc_deutf()' function
+        defined in /includes/functions_vbseocp_abstract.php for vBSEO versions
+        3.6.0 and earlier. User input passed through 'char_repl' POST parameter
+        isn't properly sanitized before being used in a call to preg_replace()
+        function which uses the 'e' modifier. This can be exploited to inject
+        and execute arbitrary code leveraging the PHP's complex curly syntax.
       },
       'Author'         => 'EgiX <n0b0d13s[at]gmail.com>', # originally reported by the vendor
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/unix/smtp/exim4_string_format.rb b/modules/exploits/unix/smtp/exim4_string_format.rb
@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Exim4 <= 4.69 string_format Function Heap Buffer Overflow',
+      'Name'           => 'Exim4 string_format Function Heap Buffer Overflow',
       'Description'    => %q{
           This module exploits a heap buffer overflow within versions of Exim prior to
         version 4.69. By sending a specially crafted message, an attacker can corrupt the
diff --git a/modules/exploits/unix/webapp/awstatstotals_multisort.rb b/modules/exploits/unix/webapp/awstatstotals_multisort.rb
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'AWStats Totals <= v1.14 multisort Remote Command Execution',
+      'Name'           => 'AWStats Totals multisort Remote Command Execution',
       'Description'    => %q{
           This module exploits an arbitrary command execution vulnerability in the
           AWStats Totals PHP script. AWStats Totals version v1.0 - v1.14 are vulnerable.
diff --git a/modules/exploits/unix/webapp/cakephp_cache_corruption.rb b/modules/exploits/unix/webapp/cakephp_cache_corruption.rb
@@ -12,12 +12,13 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Code Execution',
+      'Name'           => 'CakePHP Cache Corruption Code Execution',
       'Description'    => %q{
-          CakePHP is a popular PHP framework for building web applications.
-        The Security component of CakePHP is vulnerable to an unserialize attack which
-        could be abused to allow unauthenticated attackers to execute arbitrary
-        code with the permissions of the webserver.
+        CakePHP is a popular PHP framework for building web applications.  The
+        Security component of CakePHP versions 1.3.5 and earlier and 1.2.8 and
+        earlier is vulnerable to an unserialize attack which could be abused to
+        allow unauthenticated attackers to execute arbitrary code with the
+        permissions of the webserver.
       },
       'Author'	=>
         [
diff --git a/modules/exploits/unix/webapp/coppermine_piceditor.rb b/modules/exploits/unix/webapp/coppermine_piceditor.rb
diff --git a/modules/exploits/unix/webapp/sphpblog_file_upload.rb b/modules/exploits/unix/webapp/sphpblog_file_upload.rb
diff --git a/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb b/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb
