Land rapid7#1935, @todb-r7's description cleanup

Author: wvu

modules/auxiliary/dos/upnp/miniupnpd_dos.rb

@@ -16,8 +16,8 @@ def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'MiniUPnPd 1.4 Denial of Service (DoS) Exploit',
 			'Description'    => %q{
-					This module allows remote attackers to cause a denial of service in MiniUPnP 1.0
-				server via specifically crafted UDP request.
+					This module allows remote attackers to cause a denial of service (DoS)
+					in MiniUPnP 1.0 server via a specifically crafted UDP request.
 			},
 			'Author'         =>
 				[

modules/exploits/linux/smtp/exim4_dovecot_exec.rb

@@ -20,10 +20,10 @@ def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'Exim and Dovecot Insecure Configuration Command Injection',
 			'Description'    => %q{
-					This module exploits a command injection vulnerability against Dovecot with 
+				This module exploits a command injection vulnerability against Dovecot with
 				Exim using the "use_shell" option. It uses the sender's address to inject arbitary
-				commands since this is one of the user-controlled variables, which has been
-				successfully tested on Debian Squeeze using the default Exim4 with dovecot-common
+				commands, since this is one of the user-controlled variables. It has been
+				successfully tested on Debian Squeeze using the default Exim4 with the dovecot-common
 				packages.
 			},
 			'Author'         =>

modules/exploits/multi/browser/java_jre17_driver_manager.rb

@@ -23,10 +23,10 @@ def initialize( info = {} )
 			'Name'          => 'Java Applet Driver Manager Privileged toString() Remote Code Execution',
 			'Description'   => %q{
 					This module abuses the java.sql.DriverManager class where the toString() method
-				is called over user supplied classes, from a doPrivileged block. The vulnerability
-				affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE
-				throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java
-				Web Start can be launched automatically throw the ActiveX control. Otherwise the
+				is called over user supplied classes from a doPrivileged block. The vulnerability
+				affects Java version 7u17 and earlier. This exploit bypasses click-to-play on Internet Explorer
+				and throws a specially crafted JNLP file. This bypass is applicable mainly to IE, where Java
+				Web Start can be launched automatically through the ActiveX control. Otherwise, the
 				applet is launched without click-to-play bypass.
 			},
 			'License'       => MSF_LICENSE,

modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb

@@ -33,11 +33,11 @@ def initialize(info={})
 				component, specifically PDF_IN_1.ocx.  When a long string of data is given
 				to the ConnectToSynactis function, which is meant to be used for the ldCmdLine
 				argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry
-				class pointer saved on the stack, and results in arbitrary code execution under the
+				class pointer saved on the stack, resulting in arbitrary code execution under the
 				context of the user.
 
 					Also note that since the WinExec function is used to call the default browser,
-				you must be aware that: 1) The default must be Internet Explorer, and 2) When the
+				you must be aware that: 1) The default must be Internet Explorer, and 2) when the
 				exploit runs, another browser will pop up.
 
 					Synactis PDF In-The-Box is also used by other software such as Logic Print 2013,
@@ -203,4 +203,4 @@ def on_request_uri(cli, request)
 		print_status("Target selected as: #{target.name}")
 		send_response(cli, get_html(cli, request, target), {'Content-Type'=>'text/html', 'Cache-Control'=>'no-cache'})
 	end
-end
+end

modules/exploits/windows/http/novell_mdm_lfi.rb

@@ -14,14 +14,16 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize
 		super(
-			'Name'           => 'Novell Zenworks Mobile Device Managment Local File Inclusion Vulnerability',
+			'Name'           => 'Novell Zenworks Mobile Managment MDM.php Local File Inclusion Vulnerability',
 			'Description'    => %q{
-				This module attempts to gain remote code execution on a server running
-				Novell Zenworks Mobile Device Management.
+				This module exercises a vulnerability in Novel Zenworks Mobile Management's Mobile Device Management component
+				which can allow unauthenticated remote code execution. Due to a flaw in the MDM.php script's input validation,
+				remote attackers can both upload and execute code via a directory traversal flaw exposed in the 'language'
+				parameter of a POST call to DUSAP.php.
 			},
 			'Author'         =>
 				[
-					'steponequit',
+					'steponequit', # Metasploit module
 					'Andrea Micalizzi (aka rgod)' #zdi report
 				],
 			'Platform'       => 'win',
@@ -34,6 +36,7 @@ def initialize
 				[
 					['CVE', '2013-1081'],
 					['OSVDB', '91119'],
+					['URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-087/'],
 					['URL', 'http://www.novell.com/support/kb/doc.php?id=7011895']
 				],
 			'DisclosureDate' => "Mar 13 2013",

modules/payloads/singles/cmd/unix/bind_awk.rb

@@ -18,7 +18,7 @@ module Metasploit4
 	def initialize(info = {})
 		super(merge_info(info,
 			'Name'          => 'Unix Command Shell, Bind TCP (via AWK)',
-			'Description'   => 'Listen for a connection and spawn a command shell via AWK',
+			'Description'   => 'Listen for a connection and spawn a command shell via GNU AWK',
 			'Author'        =>
 				[
 					'espreto <robertoespreto[at]gmail.com>',

modules/payloads/singles/cmd/unix/reverse_awk.rb

@@ -18,7 +18,7 @@ module Metasploit3
 	def initialize(info = {})
 		super(merge_info(info,
 			'Name'          => 'Unix Command Shell, Reverse TCP (via AWK)',
-			'Description'   => 'Creates an interactive shell via AWK',
+			'Description'   => 'Creates an interactive shell via GNU AWK',
 			'Author'        =>
 				[
 					'espreto <robertoespreto[at]gmail.com>',