Land #2714, fixup for release

modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb

@@ -15,7 +15,11 @@ class Metasploit3 < Msf::Auxiliary
       'Name'        => 'ZyXEL GS1510-16 Password Extractor',
       'Description' => %q{
           This module exploits a vulnerability in ZyXEL GS1510-16 routers
-          to extract the admin password.
+          to extract the admin password. Due to a lack of authentication on the
+          webctrl.cgi script, unauthenticated attackers can recover the
+          administrator password for these devices. The vulnerable device
+          has reached end of life for support from the manufacturer, so it is
+          unlikely this problem will be addressed.
       },
       'References'  =>
         [
@@ -72,4 +76,4 @@ class Metasploit3 < Msf::Auxiliary
     return
   end
   end
-end
+end

modules/auxiliary/scanner/http/openmind_messageos_login.rb

@@ -16,8 +16,8 @@ class Metasploit3 < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'OpenMind Message-OS Portal Login Brute Force Utility',
       'Description'    => %{
-        This module scans for OpenMind Message-OS provisioning web login portal, and performs login brute force
-        to identify valid credentials.
+        This module scans for OpenMind Message-OS provisioning web login portal, and
+        performs a login brute force attack to identify valid credentials.
       },
       'Author'         =>
         [

modules/auxiliary/scanner/http/oracle_ilom_login.rb

@@ -16,8 +16,8 @@ class Metasploit3 < Msf::Auxiliary
     super(update_info(info,
       'Name'           => 'Oracle ILO Manager Login Brute Force Utility',
       'Description'    => %{
-        This module scans for Oracle Integrated Lights Out Manager login portal, and performs login brute force
-        to identify valid credentials.
+        This module scans for Oracle Integrated Lights Out Manager (ILO) login portal, and
+        performs a login brute force attack to identify valid credentials.
       },
       'Author'         =>
         [

modules/exploits/linux/http/netgear_readynas_exec.rb

@@ -15,10 +15,9 @@ class Metasploit3 < Msf::Exploit::Remote
       'Name'           => 'NETGEAR ReadyNAS Perl Code Evaluation',
       'Description'    => %q{
         This module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The
-        vulnerability exists on the web fronted, specifically on the np_handler.pl component,
-        due to the insecure usage of the eval() perl function. This module has been tested
-        successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real
-        hardware.
+        vulnerability exists on the web front end, specifically in the np_handler.pl component,
+        due to an insecure usage of the eval() perl function. This module has been tested
+        successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment.
       },
       'Author'         =>
         [
@@ -49,6 +48,8 @@ class Metasploit3 < Msf::Exploit::Remote
         },
       'Targets'        =>
         [
+          # Tested on an emulated environment, need to check this
+          # against a real device
           [ 'NETGEAR ReadyNAS 4.2.23', { }]
         ],
       'DefaultOptions' =>

modules/exploits/multi/http/cisco_dcnm_upload.rb

@@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'Name'        => 'Cisco Prime Data Center Network Manager Arbitrary File Upload',
       'Description' => %q{
         This module exploits a code execution flaw in Cisco Data Center Network Manager. The
-        vulnerability exists on the processImageSave.jsp, which can be abused through a directory
+        vulnerability exists in processImageSave.jsp, which can be abused through a directory
         traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss
         application server feature is used to achieve remote code execution. This module has been
         tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2

modules/exploits/unix/webapp/kimai_sqli.rb

@@ -27,7 +27,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'Author'         =>
         [
           'drone (@dronesec)', # Discovery and PoC
-          'Brendan Coles <bcoles[at]gmail.com>' # Metasploit
+          'Brendan Coles <bcoles[at]gmail.com>' # Metasploit module
         ],
       'References'     =>
         [

modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb

@@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
     super(update_info(info,
       'Name'           => "MS12-022 Microsoft Silverlight ScriptObject Unsafe Memory Access",
       'Description'    => %q{
-        This module exploits a vulnerability on Microsoft Silverlight. The vulnerability exists on
+        This module exploits a vulnerability in Microsoft Silverlight. The vulnerability exists on
         the Initialize() method from System.Windows.Browser.ScriptObject, which access memory in an
         unsafe manner. Since it is accessible for untrusted code (user controlled) it's possible
         to dereference arbitrary memory which easily leverages to arbitrary code execution. In order

modules/exploits/windows/scada/abb_wserver_exec.rb

@@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
         component, which allows arbitrary commands. The component is disabled by default, but
         required when a project uses the SCIL function WORKSTATION_CALL.
 
-        This module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 over
+        This module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 on
         Windows XP SP3 and Windows 7 SP1.
       },
       'License'        => MSF_LICENSE,