Various grammar, spelling, word choice fixes

Author: Tod Beardsley

modules/auxiliary/gather/huawei_wifi_info.rb

@@ -55,16 +55,16 @@ def initialize(info={})
     super(update_info(info,
       'Name'           => "Huawei Datacard Information Disclosure Vulnerability",
       'Description'    => %q{
-        This module exploits an un-authenticated information disclosure vulnerability in Huawei
+        This module exploits an unauthenticated information disclosure vulnerability in Huawei
         SOHO routers. The module will gather information by accessing the /api pages where
         authentication is not required, allowing configuration changes as well as information
-        disclosure including any stored SMS.
+        disclosure, including any stored SMS.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
         [
-          'Jimson K James.',
-          '<tomsmaily[at]aczire.com>', # Msf module
+          'Jimson K James',
+          'Tom James <tomsmaily[at]aczire.com>', # Msf module
         ],
       'References'     =>
         [
@@ -82,7 +82,7 @@ def initialize(info={})
 
   end
 
-  #Gather basic router information
+  # Gather basic router information
   def run
     get_router_info
     print_line('')
@@ -168,7 +168,7 @@ def get_router_ssid
         'uri'     => '/api/wlan/basic-settings',
       })
 
-    #check whether we got any response from server and proceed.
+    # check whether we got any response from server and proceed.
     unless is_target?(res)
       return nil
     end
@@ -273,19 +273,19 @@ def get_router_dhcp_info
   end
 
   def is_target?(res)
-    #check whether we got any response from server and proceed.
+    # check whether we got any response from server and proceed.
     unless res
       print_error("#{peer} - Failed to get any response from server")
       return false
     end
 
-    #Is it a HTTP OK
+    # Is it a HTTP OK
     unless res.code == 200
       print_error("#{peer} - Did not get HTTP 200, URL was not found")
       return false
     end
 
-    #Check to verify server reported is a Huawei router
+    # Check to verify server reported is a Huawei router
     unless res.headers['Server'].match(/IPWEBS\/1.4.0/i)
       print_error("#{peer} - Target doesn't seem to be a Huawei router")
       return false

modules/auxiliary/gather/konica_minolta_pwd_extract.rb

@@ -14,10 +14,11 @@ class Metasploit3 < Msf::Auxiliary
   def initialize(info = {})
     super(update_info(info,
       'Name'        => 'Konica Minolta Password Extractor',
-      'Description' => %q(
-        This module will extract FTP and SMB account usernames and passwords
-        from Konica Minolta mfp devices. Tested models include: C224, C280,
-        283, C353, C360, 363, 420, C452,C452, C452, C454e, C554 ),
+      'Description' => %q{
+          This module will extract FTP and SMB account usernames and passwords
+          from Konica Minolta multifunction printer (MFP) devices. Tested models
+          include: C224, C280, 283, C353, C360, 363, 420, C452,C452, C452, C454e, C554
+        },
       'Author'      =>
         [
           'Deral "Percentx" Heiland',

modules/auxiliary/gather/mcafee_epo_xxe.rb

@@ -18,15 +18,15 @@ def initialize(info = {})
       off of the filesystem. This properties file contains an encrypted password that is set during
       installation. What is interesting about this password is that it is set as the same password
       as the database 'sa' user and of the admin user created during installation. This password
-      is encrypted with a static key, and is encrypted using a weak cipher at that (ECB). By default,
-      if installed with a local SQL Server instance, the SQL server is listening on all interfaces.
+      is encrypted with a static key, and is encrypted using a weak cipher (ECB). By default,
+      if installed with a local SQL Server instance, the SQL Server is listening on all interfaces.
 
       Recovering this password allows an attacker to potentially authenticate as the 'sa' SQL Server
       user in order to achieve remote command execution with permissions of the database process. If
-      the administrator has no changed the password for the initially created account since installation,
-      the attacker also now has the password for this account. By default, 'admin' is recommended.
+      the administrator has not changed the password for the initially created account since installation,
+      the attacker will have the password for this account. By default, 'admin' is recommended.
 
-      Any user account can be used to exploit this, all that is needed is a pair of credentials.
+      Any user account can be used to exploit this, all that is needed is a valid credential.
 
       The most data that can be successfully retrieved is 255 characters due to length restrictions
       on the field used to perform the XXE attack.

modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie.rb

@@ -19,7 +19,7 @@ def initialize(info = {})
         'Misfortune Cookie' vulnerability which affects Allegro Software
         Rompager versions before 4.34 and can allow attackers to authenticate
         to the HTTP service as an administrator without providing valid
-        credentials, however more specifics are not yet known.
+        credentials.
       ),
       'Author' => [
         'Jon Hart <jon_hart[at]rapid7.com>', # metasploit module

modules/auxiliary/voip/cisco_cucdm_call_forward.rb

@@ -16,7 +16,7 @@ def initialize(info={})
       'Description' => %q{
         The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager
         (CDM) 10 does not properly implement access control, which allows remote attackers to
-        modify user information. This module exploits the vulnerability for configure unauthorized
+        modify user information. This module exploits the vulnerability to configure unauthorized
         call forwarding.
       },
       'Author'      => 'fozavci',

modules/auxiliary/voip/cisco_cucdm_speed_dials.rb

@@ -17,7 +17,7 @@ def initialize(info={})
         The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager
         (CDM), before version 10, doesn't implement access control properly, which allows remote
         attackers to modify user information. This module exploits the vulnerability to make
-        unauthorized speeddial manipulations.
+        unauthorized speeddial entity manipulations.
       },
       'Author'        => 'fozavci',
       'References'    =>

modules/exploits/linux/local/desktop_privilege_escalation.rb

@@ -20,11 +20,11 @@ def initialize(info={})
       'Description'   => %q{
         This module steals the user password of an administrative user on a desktop Linux system
         when it is entered for unlocking the screen or for doing administrative actions using
-        policykit. Then it escalates to root privileges using sudo and the stolen user password.
+        PolicyKit. Then, it escalates to root privileges using sudo and the stolen user password.
         It exploits the design weakness that there is no trusted channel for transferring the
         password from the keyboard to the actual password verificatition against the shadow file
         (which is running as root since /etc/shadow is only readable to the root user). Both
-        screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under
+        screensavers (xscreensaver/gnome-screensaver) and PolicyKit use a component running under
         the current user account to query for the password and then pass it to a setuid-root binary
         to do the password verification. Therefore, it is possible to inject a password stealer
         after compromising the user account. Since sudo requires only the user password (and not

modules/exploits/multi/http/manageengine_auth_upload.rb

@@ -17,10 +17,10 @@ def initialize(info = {})
         This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk,
         AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts
         the upload does not handle correctly '../' sequences, which can be abused to write
-        in the file system. Authentication is needed to exploit this vulnerability, but this module
+        to the file system. Authentication is needed to exploit this vulnerability, but this module
         will attempt to login using the default credentials for the administrator and guest
-        accounts. Alternatively you can provide a pre-authenticated cookie or a username / password
-        combo. For IT360 targets enter the RPORT of the ServiceDesk instance (usually 8400). All
+        accounts. Alternatively, you can provide a pre-authenticated cookie or a username / password.
+        For IT360 targets, enter the RPORT of the ServiceDesk instance (usually 8400). All
         versions of ServiceDesk prior v9 build 9031 (including MSP but excluding v4), AssetExplorer,
         SupportCenter and IT360 (including MSP) are vulnerable. At the time of release of this
         module, only ServiceDesk v9 has been fixed in build 9031 and above. This module has been

modules/exploits/multi/http/pandora_upload_exec.rb

@@ -13,9 +13,9 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => "Pandora v3.1 Auth Bypass and Arbitrary File Upload Vulnerability",
+      'Name'           => "Pandora FMS v3.1 Auth Bypass and Arbitrary File Upload Vulnerability",
       'Description'    => %q{
-        This module exploits an authentication bypass vulnerability in Pandora v3.1 as
+        This module exploits an authentication bypass vulnerability in Pandora FMS v3.1 as
         disclosed by Juan Galiana Lara. It also integrates with the built-in pandora
         upload which allows a user to upload arbitrary files to the '/images/' directory.
 

modules/exploits/unix/webapp/wp_symposium_shell_upload.rb

@@ -15,17 +15,15 @@ def initialize(info = {})
     super(update_info(
       info,
       'Name'            => 'WordPress WP Symposium 14.11 Shell Upload',
-      'Description'     => %q{WP Symposium Plugin for WordPress contains a
-                              flaw that allows a remote attacker to execute
-                              arbitrary PHP code. This flaw exists because the
-                              /wp-symposium/server/file_upload_form.php script
-                              does not properly verify or sanitize
-                              user-uploaded files. By uploading a .php file,
-                              the remote system will place the file in a
-                              user-accessible path. Making a direct request to
-                              the uploaded file will allow the attacker to
-                              execute the script with the privileges of the
-                              web server.},
+      'Description'     => %q{
+          WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker
+          to execute arbitrary PHP code. This flaw exists because the
+          /wp-symposium/server/file_upload_form.php script does not properly verify or
+          sanitize user-uploaded files. By uploading a .php file, the remote system will
+          place the file in a user-accessible path. Making a direct request to the
+          uploaded file will allow the attacker to execute the script with the privileges
+          of the web server.
+        },
       'License'         => MSF_LICENSE,
       'Author'          =>
         [