updated check and docs that 14.2 may not be vuln

documentation/modules/exploit/linux/http/tiki_calendar_exec.md

@@ -4,6 +4,18 @@
   Exploit-db: [edb](https://www.exploit-db.com/apps/2fa84367ba4f14afab9f51cd3e93606d-tiki-14.2.7z)
   Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)
 
+  Of note, there is some discussion if 14.2 is vuln or not.
+```
+  1. Exploit-DB says in the title (may be wrong) 14.2 is vuln.
+  2. The linked app Exploit-DB has is 14.2.
+  3. Its verified on Exploit-DB.
+```
+vs
+```
+  1. Manual print statement testing from the PoC on 14.2 doesn't seem to be vuln
+  2. The [notice](https://tiki.org/article414-Important-Security-Fix-for-all-versions-of-Tiki) seems to say 14.2 is the update that fixes the problem
+```
+
 ### Creating A Testing Environment
 
   1. Create a fresh Ubuntu 16.04 w/ a LAMP install

modules/exploits/linux/http/tiki_calendar_exec.rb

@@ -20,7 +20,7 @@ class MetasploitModule < Msf::Exploit::Remote
           The calendar module is NOT enabled by default.  When enbled,
           the default permissions are set to NOT allow anonymous users
           to access.
-          Vulnerable versions: <=14.2, <=12.5 LTS, <=9.11 LTS and <=6.15
+          Vulnerable versions: <=14.1, <=12.4 LTS, <=9.10 LTS and <=6.14
           Verified/Tested against 14.1
         ),
         'Author'      =>
@@ -123,7 +123,7 @@ class MetasploitModule < Msf::Exploit::Remote
     if res
       if res.body =~ /You do not have permission to view the calendar/
         fail_with(Failure::NoAccess, "#{peer} - Additional Permissions Required")
-      elsif res.body =~ /#{flag}/
+      elsif res.body =~ />#{flag}</
         Exploit::CheckCode::Vulnerable
       else
         Exploit::CheckCode::Safe