Land #8940, @h00die's second round of desc fixes

One ninja edit along the way as well.
bug/bundler_fix
Tod Beardsley 2017-09-11 13:05:13 -05:00
commit 5f66b7eb1a
No known key found for this signature in database
GPG Key ID: 08B5B91DC85943FE
76 changed files with 87 additions and 87 deletions

View File

@ -17,7 +17,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a file upload vulnerability in SysAid Help Desk v14.3 and v14.4.
The vulnerability exists in the RdsLogsEntry servlet which accepts unauthenticated
file uploads and handles zip file contents in a insecure way. By combining both weaknesses,
file uploads and handles zip file contents in an insecure way. By combining both weaknesses,
a remote attacker can accomplish remote code execution. Note that this will only work if the
target is running Java 6 or 7 up to 7u25, as Java 7u40 and above introduces a protection
against null byte injection in file names. This module has been tested successfully on version

View File

@ -24,7 +24,7 @@ class MetasploitModule < Msf::Exploit::Remote
Note: You have the option to use the authentication bypass or not since it requires
that the server is rebooted. The password reset will render the authentication useless.
Typically, if an administrator cant login, they will bounce the box. Therefore, this
module performs a heart beat request until the box is bounced and then attempts to login
module performs a heartbeat request until the box is bounced and then attempts to login
and to perform the command injection. This module has been tested on version 2.6.1062r1
of the appliance.
},

View File

@ -21,7 +21,7 @@ class MetasploitModule < Msf::Exploit::Remote
which can be exploited by exploits/multi/http/uptime_file_upload_1.rb, but it was mitigated
by the vendor.
Although the mitigiation in place will prevent uptime_file_upload_1.rb from working, it
Although the mitigation in place will prevent uptime_file_upload_1.rb from working, it
can still be bypassed and gain privilege escalation, and allows the attacker to upload file
again, and execute arbitrary commands.
},

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
vTiger CRM allows an authenticated user to upload files to embed within documents.
Due to insufficient privileges on the 'files' upload folder, an attacker can upload a PHP
script and execute aribtrary PHP code remotely.
script and execute arbitrary PHP code remotely.
This module was tested against vTiger CRM v5.4.0 and v5.3.0.
},

View File

@ -16,7 +16,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload',
'Description' => %q{
vTiger CRM allows an user to bypass authentication when requesting SOAP services.
vTiger CRM allows a user to bypass authentication when requesting SOAP services.
In addition, arbitrary file upload is possible through the AddEmailAttachment SOAP
service. By combining both vulnerabilities an attacker can upload and execute PHP
code. This module has been tested successfully on vTiger CRM v5.4.0 over Ubuntu

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a vulnerability found in WebPageTest's Upload Feature. By
default, the resultimage.php file does not verify the user-supplied item before
saving it to disk, and then places this item in the web directory accessable by
saving it to disk, and then places this item in the web directory accessible by
remote users. This flaw can be abused to gain remote code execution.
},
'License' => MSF_LICENSE,

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a vulnerability found in WikkaWiki. When the spam logging
feature is enabled, it is possible to inject PHP code into the spam log file via the
UserAgent header , and then request it to execute our payload. There are at least
UserAgent header, and then request it to execute our payload. There are at least
three different ways to trigger spam protection, this module does so by generating
10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6).

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution',
'Description' => %q{
This module exploits a post-auth vulnerability found in X7 Chat versions
2.0.0 up to 2.0.5.1. The vulnerable code exists on lib/message.php, which
2.0.0 up to 2.0.5.1. The vulnerable code exists on lib/message.php, which
uses preg_replace() function with the /e modifier. This allows a remote
authenticated attacker to execute arbitrary PHP code in the remote machine.
},

View File

@ -14,9 +14,9 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
ZABBIX allows an administrator to create scripts that will be run on hosts.
An authenticated attacker can create a script containing a payload, then a host
with an IP of 127.0.0.1 and run the abitrary script on the ZABBIX host.
with an IP of 127.0.0.1 and run the arbitrary script on the ZABBIX host.
This module was tested againt Zabbix v2.0.9.
This module was tested against Zabbix v2.0.9.
},
'License' => MSF_LICENSE,
'Author' =>

View File

@ -16,7 +16,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Novell ZENworks Configuration Management Remote Execution',
'Description' => %q{
This module exploits a code execution flaw in Novell ZENworks Configuration
Management 10 SP3 and 11 SP2. The vulnerability exists in the ZEnworks Control
Management 10 SP3 and 11 SP2. The vulnerability exists in the ZENworks Control
Center application, allowing an unauthenticated attacker to upload a malicious file
outside of the TEMP directory and then make a second request that allows for
arbitrary code execution. This module has been tested successfully on Novell

View File

@ -19,7 +19,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Zpanel Remote Unauthenticated RCE',
'Description' => %q{
This module exploits an information disclosure vulnerability
in Zpanel. The vulnerability is due to a vulnerable version
in ZPanel. The vulnerability is due to a vulnerable version
of pChart used by ZPanel that allows unauthenticated users to read
arbitrary files remotely on the file system. This particular module
utilizes this vulnerability to identify the username/password

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution',
'Description' => %q{
This module abuses the "RunScript" procedure provided by the SOAP interface of
Adobe InDesign Server, to execute abritary vbscript (Windows) or applescript(OSX).
Adobe InDesign Server, to execute arbitrary vbscript (Windows) or applescript (OSX).
The exploit drops the payload on the server and must be removed manually.
},

View File

@ -12,13 +12,13 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Legend Perl IRC Bot Remote Code Execution',
'Description' => %q{
This module exploits a remote command execution on the Legend Perl IRC Bot .
This module exploits a remote command execution on the Legend Perl IRC Bot.
This bot has been used as a payload in the Shellshock spam last October 2014.
This particular bot has functionalities like NMAP scanning, TCP, HTTP, SQL, and
UDP flooding, the ability to remove system logs, and ability to gain root, and
VNC scanning.
Kevin Stevens, a Senior Threat Researcher at Damballa has uploaded this script
Kevin Stevens, a Senior Threat Researcher at Damballa, has uploaded this script
to VirusTotal with a md5 of 11a9f1589472efa719827079c3d13f76.
},
'Author' =>

View File

@ -20,7 +20,7 @@ class MetasploitModule < Msf::Exploit::Remote
In order to trigger arbitrary remote code execution, the best way seems to
be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or
a fileformat that OS X might automount), and then execute it in /Volumes/[share].
a file format that OS X might automount), and then execute it in /Volumes/[share].
If there's some kind of bug that leaks the victim machine's current username,
then it's also possible to execute the payload in /Users/[username]/Downloads/,
or else bruteforce your way to getting that information.

View File

@ -15,7 +15,7 @@ class MetasploitModule < Msf::Exploit::Remote
This module exploits a stack buffer overflow in the web server provided with the EvoCam
program for Mac OS X. We use Dino Dai Zovi's exec-from-heap technique to copy the payload
from the non-executable stack segment to heap memory. Vulnerable versions include 3.6.6,
3.6.7, and possibly earlier versions as well. EvoCam version 3.6.8 fixes the vulnerablity.
3.6.7, and possibly earlier versions as well. EvoCam version 3.6.8 fixes the vulnerability.
},
'Author' =>
[

View File

@ -44,7 +44,7 @@ class MetasploitModule < Msf::Exploit::Local
Note: If the user has locked the Date/Time preferences, requests to overwrite
the system clock will be ignored, and the module will silently fail. However,
if the "Require an administrator password to access locked preferences" setting
is not enabled, the Date/Time preferences are often unlocked everytime the admin
is not enabled, the Date/Time preferences are often unlocked every time the admin
logs in, so you can install persistence and wait for a chance later.
},
'License' => MSF_LICENSE,

View File

@ -12,7 +12,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Sun Solaris Telnet Remote Authentication Bypass Vulnerability',
'Description' => %q{
This module exploits the argument injection vulnerabilty
This module exploits the argument injection vulnerability
in the telnet daemon (in.telnetd) of Solaris 10 and 11.
},
'Author' => [ 'MC' ],

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'LifeSize Room Command Injection',
'Description' => %q{
This module exploits a vulnerable resource in LifeSize
Room versions 3.5.3 and 4.7.18 to inject OS commmands. LifeSize
Room versions 3.5.3 and 4.7.18 to inject OS commands. LifeSize
Room is an appliance and thus the environment is limited
resulting in a small set of payload options.
},

View File

@ -15,7 +15,7 @@ class MetasploitModule < Msf::Exploit::Local
info,
'Name' => 'at(1) Persistence',
'Description' => %q(
This module achieves persisience by executing payloads via at(1).
This module achieves persistence by executing payloads via at(1).
),
'License' => MSF_LICENSE,
'Author' =>

View File

@ -22,7 +22,7 @@ class MetasploitModule < Msf::Exploit::Remote
'DisclosureDate' => 'Jan 18 2013',
'Description' => %q(
The login component of the Polycom Command Shell on Polycom HDX
video endpints, running software versions 3.0.5 and earlier,
video endpoints, running software versions 3.0.5 and earlier,
is vulnerable to an authorization bypass when simultaneous
connections are made to the service, allowing remote network
attackers to gain access to a sandboxed telnet prompt without

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By
supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary
commands under root priviages.
commands under root privileges.
},
'Author' =>
[

View File

@ -15,7 +15,7 @@ class MetasploitModule < Msf::Exploit::Remote
This module exploits an arbitrary command execution vulnerability in the
AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based
payloads are recommended with this module. The vulnerability is only
present when AllowToUpdateStatsFromBrowser is enabled in the AWstats
present when AllowToUpdateStatsFromBrowser is enabled in the AWStats
configuration file (non-default).
},
'Author' => [ 'patrick' ],

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Barracuda IMG.PL Remote Command Execution',
'Description' => %q{
This module exploits an arbitrary command execution vulnerability in the
Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable.
Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable.
},
'Author' => [ 'Nicolas Gregoire <ngregoire[at]exaprobe.com>', 'hdm' ],
'License' => MSF_LICENSE,

View File

@ -15,7 +15,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a file upload vulnerability found in Havalite CMS 1.1.7, and
possibly prior. Attackers can abuse the upload feature in order to upload a
malicious PHP file without authentication, which results in arbitary remote code
malicious PHP file without authentication, which results in arbitrary remote code
execution.
},
'License' => MSF_LICENSE,

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Joomla Component JCE File Upload Remote Code Execution',
'Description' => %q{
This module exploits a vulnerability in the JCE component for Joomla!, which
This module exploits a vulnerability in the JCE component for Joomla!, which
could allow an unauthenticated remote attacker to upload arbitrary files, caused by the
fails to sufficiently sanitize user-supplied input. Sending specially-crafted HTTP
request, a remote attacker could exploit this vulnerability to upload a malicious PHP

View File

@ -16,7 +16,7 @@ class MetasploitModule < Msf::Exploit::Remote
This module exploits a file upload vulnerability found in LibrettoCMS 1.1.7, and
possibly prior. Attackers can bypass the file extension check and abuse the upload
feature in order to upload a malicious PHP file without authentication, which
results in arbitary remote code execution.
results in arbitrary remote code execution.
},
'License' => MSF_LICENSE,
'Author' =>

View File

@ -12,7 +12,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'PhpMyAdmin Config File Code Injection',
'Description' => %q{
This module exploits a vulnerability in PhpMyAdmin's setup
This module exploits a vulnerability in phpMyAdmin's setup
feature which allows an attacker to inject arbitrary PHP
code into a configuration file. The original advisory says
the vulnerability is present in phpMyAdmin versions 2.11.x

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a PHP code injection in SPIP. The vulnerability exists in the
connect parameter and allows an unauthenticated user to execute arbitrary commands
with web user privileges. Branchs 2.0, 2.1 and 3 are concerned. Vulnerable versions
with web user privileges. Branches 2.0, 2.1 and 3 are concerned. Vulnerable versions
are <2.0.21, <2.1.16 and < 3.0.3, but this module works only against branch 2.0 and
has been tested successfully with SPIP 2.0.11 and SPIP 2.0.20 with Apache on Ubuntu
and Fedora linux distributions.

View File

@ -17,8 +17,8 @@ class MetasploitModule < Msf::Exploit::Remote
which could be abused to allow unauthenticated users to execute arbitrary code
under the context of the web server user.
The issue comes with one of the 3rd party components. Name of that components is
ELFinder -version 2.0-. This components comes with default example page which
The issue comes with one of the 3rd party components. Name of that component is
ELFinder -version 2.0-. This component comes with default example page which
demonstrates file operations such as upload, remove, rename, create directory etc.
Default configuration does not force validations such as file extension, content-type etc.
Thus, unauthenticated user can upload PHP file.

View File

@ -12,7 +12,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Tuleap PHP Unserialize Code Execution',
'Description' => %q{
This module exploits a PHP object injection vulnerability in Tuelap <= 7.6-4 which could be
This module exploits a PHP object injection vulnerability in Tuleap <= 7.6-4 which could be
abused to allow authenticated users to execute arbitrary code with the permissions of the
web server. The dangerous unserialize() call exists in the 'src/www/project/register.php'
file. The exploit abuses the destructor method from the Jabbex class in order to reach a

View File

@ -21,7 +21,7 @@ class MetasploitModule < Msf::Exploit::Remote
If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also,
if the 'TwikiPage' option isn't provided, the module will try to create a random
page on the SandBox space. The modules has been tested successfully on
page on the SandBox space. The module has been tested successfully on
TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.
},
'Author' =>

View File

@ -20,7 +20,7 @@ class MetasploitModule < Msf::Exploit::Remote
be used to bypass the session check as long as at least one session has been
created at some point in time. In case there isn't any valid session, the user can
provide astGUIcient credentials in order to create one. The results of the injected
command are returned as part of the response from the web server. Affected versions
commands are returned as part of the response from the web server. Affected versions
include 2.7RC1, 2.7, and 2.8-403a. Other versions are likely affected as well. The
default credentials used by Vicidial are VDCL/donotedit and VDAD/donotedit.
},

View File

@ -15,7 +15,7 @@ class MetasploitModule < Msf::Exploit::Remote
This module exploits an arbitrary command execution vulnerability in Webmin
1.580. The vulnerability exists in the /file/show.cgi component and allows an
authenticated user, with access to the File Manager Module, to execute arbitrary
commands with root privileges. The module has been tested successfully with Webim
commands with root privileges. The module has been tested successfully with Webmin
1.580 over Ubuntu 10.04.
},
'Author' => [

View File

@ -19,7 +19,7 @@ class MetasploitModule < Msf::Exploit::Remote
blogging software plugin known as Google Document Embedder. The vulnerability allows for
database credential disclosure via the /libs/pdf.php script. The Google Document Embedder
plug-in versions 2.4.6 and below are vulnerable. This exploit only works when the MySQL
server is exposed on a accessible IP and Wordpress has filesystem write access.
server is exposed on an accessible IP and WordPress has filesystem write access.
Please note: The admin password may get changed if the exploit does not run to the end.
},

View File

@ -16,7 +16,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'WordPress OptimizePress Theme File Upload Vulnerability',
'Description' => %q{
This module exploits a vulnerability found in the the WordPress theme OptimizePress. The
This module exploits a vulnerability found in the WordPress theme OptimizePress. The
vulnerability is due to an insecure file upload on the media-upload.php component, allowing
an attacker to upload arbitrary PHP code. This module has been tested successfully on
OptimizePress 1.45.

View File

@ -15,7 +15,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
The WordPress Theme "platform" contains a remote code execution vulnerability
through an unchecked admin_init call. The theme includes the uploaded file
from it's temp filename with php's include function.
from its temp filename with php's include function.
},
'Author' =>
[

View File

@ -12,14 +12,14 @@ class MetasploitModule < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(
info,
'Name' => 'Wordpress WPTouch Authenticated File Upload',
'Name' => 'WordPress WPTouch Authenticated File Upload',
'Description' => %q{
The Wordpress WPTouch plugin contains an auhtenticated file upload
The WordPress WPTouch plugin contains an authenticated file upload
vulnerability. A wp-nonce (CSRF token) is created on the backend index
page and the same token is used on handling ajax file uploads through
the plugin. By sending the captured nonce with the upload, we can
upload arbitrary files to the upload folder. Because the plugin also
uses it's own file upload mechanism instead of the wordpress api it's
uses its own file upload mechanism instead of the WordPress api it's
possible to upload any file type.
The user provided does not need special rights, and users with "Contributor"
role can be abused.

View File

@ -15,7 +15,7 @@ class MetasploitModule < Msf::Exploit::Remote
This module exploits a vulnerability found in ZPanel's htpasswd module. When
creating .htaccess using the htpasswd module, the username field can be used to
inject system commands, which is passed on to a system() function for executing
the system's htpasswd's command.
the system's htpasswd command.
Please note: In order to use this module, you must have a valid account to login
to ZPanel. An account part of any of the default groups should suffice, such as:

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'CA BrightStor ArcServe Media Service Stack Buffer Overflow',
'Description' => %q{
This exploit targets a stack buffer overflow in the MediaSrv RPC service of CA
BrightStor Arcserve. By sending a specially crafted SUNRPC request, an attacker
BrightStor ARCserve. By sending a specially crafted SUNRPC request, an attacker
can overflow a stack buffer and execute arbitrary code.
},
'Author' => [ 'toto' ],

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a vulnerability found in the ActiveX component of Adobe
Flash Player before 11.5.502.149. By supplying a specially crafted swf file
with special regex value, it is possible to trigger an memory corruption, which
with special regex value, it is possible to trigger a memory corruption, which
results in remote code execution under the context of the user, as exploited in
the wild in February 2013. This module has been tested successfully with Adobe
Flash Player 11.5 before 11.5.502.149 on Windows XP SP3 and Windows 7 SP1 before

View File

@ -12,7 +12,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory',
'Description' => %q{
This module exploits an unintialized memory vulnerability in Adobe Flash Player. The
This module exploits an uninitialized memory vulnerability in Adobe Flash Player. The
vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails
to initialize allocated memory. When using a correct memory layout this vulnerability
leads to a ByteArray object corruption, which can be abused to access and corrupt memory.

View File

@ -24,7 +24,7 @@ class MetasploitModule < Msf::Exploit::Remote
NOTE: This module uses a similar DEP bypass method to that used within the
adobe_libtiff module. This method is unlikely to work across various
Windows versions due a the hardcoded syscall number.
Windows versions due a hardcoded syscall number.
},
'License' => MSF_LICENSE,
'Author' =>

View File

@ -18,7 +18,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a flaw in the handling of AOL Instant
Messenger's 'goaway' URI handler. An attacker can execute
arbitrary code by supplying a overly sized buffer as the
arbitrary code by supplying an overly sized buffer as the
'message' parameter. This issue is known to affect AOL Instant
Messenger 5.5.
},

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Ask.com Toolbar 4.0.2.53.
An attacker may be able to excute arbitrary code by sending an overly
An attacker may be able to execute arbitrary code by sending an overly
long string to the "ShortFormat()" method in askbar.dll.
},
'License' => MSF_LICENSE,

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'BaoFeng Storm mps.dll ActiveX OnBeforeVideoDownload Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in BaoFeng's Storm media Player ActiveX
control. Verions of mps.dll including 3.9.4.27 and lower are affected. When passing
control. Versions of mps.dll including 3.9.4.27 and lower are affected. When passing
an overly long string to the method "OnBeforeVideoDownload" an attacker can execute
arbitrary code.
},

View File

@ -26,7 +26,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module allows remote attackers to place arbitrary files on a users file system
by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX
Control (BIImgFrm.ocx 12.0.0.0). Code exeuction can be acheived by first uploading the
Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the
payload to the remote machine, and then upload another mof file, which enables Windows
Management Instrumentation service to execute the binary. Please note that this module
currently only works for Windows before Vista. Also, a similar issue is reported in

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'CommuniCrypt Mail 1.16 SMTP ActiveX Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the ANSMTP.dll/AOSMTP.dll
ActiveX Control provided by CommuniCrypt Mail 1.16. By sending a overly
ActiveX Control provided by CommuniCrypt Mail 1.16. By sending an overly
long string to the "AddAttachments()" method, an attacker may be able to
execute arbitrary code.
},

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Electronic Arts SnoopyCtrl
ActiveX Control (NPSnpy.dll 1.1.0.36. When sending a overly long
ActiveX Control (NPSnpy.dll 1.1.0.36. When sending an overly long
string to the CheckRequirements() method, an attacker may be able
to execute arbitrary code.
},

View File

@ -13,11 +13,11 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => "Honeywell Tema Remote Installer ActiveX Remote Code Execution",
'Description' => %q{
This modules exploits a vulnerability found in the Honewell Tema ActiveX Remote
This module exploits a vulnerability found in the Honeywell Tema ActiveX Remote
Installer. This ActiveX control can be abused by using the DownloadFromURL()
function to install an arbitrary MSI from a remote location without checking source
authenticity or user notification. This module has been tested successfully with
the Remote Installer ActiveX installed with HoneyWell EBI R410.1 - TEMA 5.3.0 and
the Remote Installer ActiveX installed with Honeywell EBI R410.1 - TEMA 5.3.0 and
Internet Explorer 6, 7 and 8 on Windows XP SP3.
},
'License' => MSF_LICENSE,

View File

@ -30,8 +30,8 @@ class MetasploitModule < Msf::Exploit::Remote
The vulnerability is found in the "RunAndUploadFile" method
where the "OtherFields" parameter with user controlled data
is used to build a "Content-Dispoition" header and attach
contents in a insecure way which allows to overflow a buffer
is used to build a "Content-Disposition" header and attach
contents in an insecure way which allows to overflow a buffer
in the stack.
},
'License' => MSF_LICENSE,

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control',
'Description' => %q{
This module exploits a stack based buffer overflow in the Active control file
ImageViewer2.OCX by passing a overly long argument to an insecure TifMergeMultiFiles()
ImageViewer2.OCX by passing an overly long argument to an insecure TifMergeMultiFiles()
method. Exploitation results in code execution with the privileges of the user who
browsed to the exploit page.

View File

@ -27,9 +27,9 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => "InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow",
'Description' => %q{
This module exploits a heap overflow found in InduSoft Web Studio <= 61.6.00.00
SP6. The overflow exists in the ISSymbol.ocx, and can be triggered with a long
SP6. The overflow exists in the ISSymbol.ocx, and can be triggered with a long
string argument for the InternationalSeparator() method of the ISSymbol control.
This modules uses the msvcr71.dll form the Java JRE6 to bypass ASLR.
This module uses the msvcr71.dll form the Java JRE6 to bypass ASLR.
},
'License' => MSF_LICENSE,
'Author' =>

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Quest InTrust Annotation Objects Uninitialized Pointer',
'Description' => %q{
This module exploits an uninitialized variable vulnerability in the
Annotation Objects ActiveX component. The activeX component loads into memory without
Annotation Objects ActiveX component. The ActiveX component loads into memory without
opting into ALSR so this module exploits the vulnerability against windows Vista and
Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX
points to part of the ROP chain in a heap chunk and the calculated call will hit the

View File

@ -17,7 +17,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Sun Java Web Start Double Quote Injection',
'Description' => %q{
This module exploits a flaw in the Web Start component of the Sun Java
Runtime Environment. Parameters intial-heap-size and max-heap-size in a JNLP
Runtime Environment. Parameters initial-heap-size and max-heap-size in a JNLP
file can contain a double quote which is not properly sanitized when creating
the command line for javaw.exe. This allows the injection of the -XXaltjvm
option to load a jvm.dll from a remote UNC path into the java process. Thus

View File

@ -25,7 +25,7 @@ class MetasploitModule < Msf::Exploit::Remote
allows an attacker to execute arbitrary code in the context of an unsuspecting
browser user.
In order for this module to work, it must be ran as root on a server that
In order for this module to work, it must be run as root on a server that
does not serve SMB. Additionally, the target host must have the WebClient
service (WebDAV Mini-Redirector) enabled.
},

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a stack buffer overflow in the Altnet Download Manager ActiveX
Control (amd4.dll) bundled with Kazaa Media Desktop 3.2.7.
By sending a overly long string to the "Install()" method, an attacker may be
By sending an overly long string to the "Install()" method, an attacker may be
able to execute arbitrary code.
},
'License' => MSF_LICENSE,

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Logitech VideoCall ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the Logitech VideoCall ActiveX
Control (wcamxmp.dll 2.0.3470.448). By sending a overly long string to the
Control (wcamxmp.dll 2.0.3470.448). By sending an overly long string to the
"Start()" method, an attacker may be able to execute arbitrary code.
},
'License' => MSF_LICENSE,

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Macrovision InstallShield Update Service ActiveX Unsafe Method',
'Description' => %q{
This module allows attackers to execute code via an unsafe methods in Macrovision InstallShield 2008.
This module allows attackers to execute code via an unsafe method in Macrovision InstallShield 2008.
},
'License' => MSF_LICENSE,
'Author' => [ 'MC' ],

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => "McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability",
'Description' => %q{
This modules exploits a vulnerability found in McAfee Virtual Technician's
This module exploits a vulnerability found in McAfee Virtual Technician's
MVTControl. This ActiveX control can be abused by using the GetObject() function
to load additional unsafe classes such as WScript.Shell, therefore allowing remote
code execution under the context of the user.

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'McAfee Visual Trace ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the McAfee Visual Trace 3.25 ActiveX
Control (NeoTraceExplorer.dll 1.0.0.1). By sending a overly long string to the
Control (NeoTraceExplorer.dll 1.0.0.1). By sending an overly long string to the
"TraceTarget()" method, an attacker may be able to execute arbitrary code.
},
'License' => MSF_LICENSE,

View File

@ -13,8 +13,8 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Firefox onreadystatechange Event DocumentViewerImpl Use After Free',
'Description' => %q{
This module exploits a vulnerability found on Firefox 17.0.6, specifically an use
after free of a DocumentViewerImpl object, triggered via an specially crafted web
This module exploits a vulnerability found on Firefox 17.0.6, specifically a use
after free of a DocumentViewerImpl object, triggered via a specially crafted web
page using onreadystatechange events and the window.stop() API, as exploited in the
wild on 2013 August to target Tor Browser users.
},

View File

@ -21,7 +21,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Mozilla Firefox 3.6.16 mChannel Use-After-Free Vulnerability',
'Description' => %q{
This module exploits an use after free vulnerability in Mozilla
This module exploits a use after free vulnerability in Mozilla
Firefox 3.6.16. An OBJECT Element mChannel can be freed via the
OnChannelRedirect method of the nsIChannelEventSink Interface. mChannel
becomes a dangling pointer and can be reused when setting the OBJECTs

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a vulnerability found in Mozilla Firefox 3.6. When an
array object is configured with a large length value, the reduceRight() method
may cause an invalid index being used, allowing abitrary remote code execution.
may cause an invalid index being used, allowing arbitrary remote code execution.
Please note that the exploit requires a longer amount of time (compare to a
typical browser exploit) in order to gain control of the machine.
},

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'MS06-013 Microsoft Internet Explorer createTextRange() Code Execution',
'Description' => %q{
This module exploits a code execution vulnerability in Microsoft Internet Explorer.
Both IE6 and IE7 (Beta 2) are vulnerable. It will corrupt memory in a way, which, under
Both IE6 and IE7 (Beta 2) are vulnerable. It will corrupt memory in a way, which, under
certain circumstances, can lead to an invalid/corrupt table pointer dereference. EIP will point
to a very remote, non-existent memory location. This module is the result of merging three
different exploit submissions and has only been reliably tested against Windows XP SP2.

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling',
'Description' => %q{
This module exploits a code execution vulnerability in Microsoft XML Core Services which
exists in the XMLHTTP ActiveX control. This module is the modifed version of
exists in the XMLHTTP ActiveX control. This module is the modified version of
http://www.milw0rm.com/exploits/2743 - credit to str0ke. This module has been successfully
tested on Windows 2000 SP4, Windows XP SP2, Windows 2003 Server SP0 with IE6
+ Microsoft XML Core Services 4.0 SP2.

View File

@ -18,7 +18,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a code execution vulnerability that occurs when a user
presses F1 on MessageBox originated from VBscript within a web page. When the
user hits F1, the MessageBox help functionaility will attempt to load and use
user hits F1, the MessageBox help functionality will attempt to load and use
a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server.
This particular version of the exploit implements a WebDAV server that will

View File

@ -12,7 +12,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow',
'Description' => %q{
This module exploits a buffer overlow in l3codecx.ax while processing a
This module exploits a buffer overflow in l3codecx.ax while processing a
AVI files with MPEG Layer-3 audio contents. The overflow only allows to overwrite
with 0's so the three least significant bytes of EIP saved on stack are
overwritten and shellcode is mapped using the .NET DLL memory technique pioneered

View File

@ -22,12 +22,12 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption',
'Description' => %q{
Thie module exploits a memory corruption vulnerability within Microsoft's
This module exploits a memory corruption vulnerability within Microsoft's
HTML engine (mshtml). When parsing an HTML page containing a specially
crafted CSS tag, memory corruption occurs that can lead arbitrary code
execution.
It seems like Microsoft code inadvertantly increments a vtable pointer to
It seems like Microsoft code inadvertently increments a vtable pointer to
point to an unaligned address within the vtable's function pointers. This
leads to the program counter being set to the address determined by the
address "[vtable+0x30+1]". The particular address depends on the exact

View File

@ -37,7 +37,7 @@ class MetasploitModule < Msf::Exploit::Remote
handler we want to abuse - the "onpropertychange" event. Since the CBlockElement is a child
of CTextArea, if we do a node swap of CBlockElement in "onselect", this will trigger
"onpropertychange". During "onpropertychange" event handling, a free of the CDisplayPointer
object can be forced by using an "Unslect" (other approaches also apply), but a reference
object can be forced by using an "Unselect" (other approaches also apply), but a reference
of this freed memory will still be kept by CDoc::ScrollPointerIntoView, specifically after
the CDoc::GetLineInfo call, because it is still trying to use that to update
CDisplayPointer's position. When this invalid reference arrives in QIClassID, a crash

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a stack buffer overflow in the ISAlertDataCOM ActiveX
Control (ISLAert.dll) provided by Symantec Norton Internet Security 2004.
By sending a overly long string to the "Get()" method, an attacker may be
By sending an overly long string to the "Get()" method, an attacker may be
able to execute arbitrary code.
},
'License' => MSF_LICENSE,

View File

@ -14,9 +14,9 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => "IBM Lotus Notes Client URL Handler Command Injection",
'Description' => %q{
This modules exploits a command injection vulnerability in the URL handler for
This module exploits a command injection vulnerability in the URL handler for
for the IBM Lotus Notes Client <= 8.5.3. The registered handler can be abused with
an specially crafted notes:// URL to execute arbitrary commands with also arbitrary
a specially crafted notes:// URL to execute arbitrary commands with also arbitrary
arguments. This module has been tested successfully on Windows XP SP3 with IE8,
Google Chrome 23.0.1271.97 m and IBM Lotus Notes Client 8.5.2.
},

View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Description' => %q{
This module exploits a stack buffer overflow in Oracle Document Capture 10g (10.1.3.5.0).
Oracle Document Capture 10g comes bundled with a third party ActiveX control
emsmtp.dll (6.0.1.0). When passing a overly long string to the method "SubmitToExpress"
emsmtp.dll (6.0.1.0). When passing an overly long string to the method "SubmitToExpress"
an attacker may be able to execute arbitrary code.
},
'License' => MSF_LICENSE,

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => "Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution",
'Description' => %q{
This modules exploits a vulnerability found in the Oracle WebCenter Content
This module exploits a vulnerability found in the Oracle WebCenter Content
CheckOutAndOpenControl ActiveX. This vulnerability exists in openWebdav(), where
user controlled input is used to call ShellExecuteExW(). This module abuses the
control to execute an arbitrary HTA from a remote location. This module has been

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'Orbit Downloader Connecting Log Creation Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Orbit Downloader 2.8.4. When an
attacker serves up a malicious web site, abritrary code may be executed.
attacker serves up a malicious web site, arbitrary code may be executed.
The PAYLOAD windows/shell_bind_tcp works best.
},
'License' => MSF_LICENSE,

View File

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Real Networks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution',
'Description' => %q{
This module exploits a vulnerability in Real Networks Acrade Game's ActiveX control. The "exec"
This module exploits a vulnerability in Real Networks Arcade Game's ActiveX control. The "exec"
function found in InstallerDlg.dll (v2.6.0.445) allows remote attackers to run arbitrary commands
on the victim machine.
},

View File

@ -12,7 +12,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'RealNetworks RealPlayer CDDA URI Initialization Vulnerability',
'Description' => %q{
This module exploits a initialization flaw within RealPlayer 11/11.1 and
This module exploits an initialization flaw within RealPlayer 11/11.1 and
RealPlayer SP 1.0 - 1.1.4. An abnormally long CDDA URI causes an object
initialization failure. However, this failure is improperly handled and
uninitialized memory executed.