Andrés Gómez

**Name of the Vulnerable Software and Affected Versions** The Open Racing Car Simulator (TORCS) versions prior to 1.3.3 Speed Dreams versions prior to 1.3.3 **Description** A stack-based buffer overflow issue exists, allowing user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file. **Recommendations** For The Open Racing Car Simulator (TORCS) versions prior to 1.3.3, update to version 1.3.3 or later. For Speed Dreams versions prior to 1.3.3, update to version 1.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** CMS Ariadna version 1.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `tipodoc id` parameter in the detResolucion.php file. **Recommendations** For CMS Ariadna version 1.1, avoid using the `tipodoc id` parameter in the detResolucion.php file until a fix is available. Consider restricting access to this parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** INVOhost version 3.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` and `newlanguage` parameters to "site.php", the `search` parameter to "manuals.php", and unspecified vectors to "faq.php". **Recommendations** For INVOhost version 3.4, consider restricting access to the affected parameters `id` and `newlanguage` in "site.php", and the `search` parameter in "manuals.php" to minimize the risk of exploitation. Avoid using unspecified vectors in "faq.php" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PLIB version 1.8.5 TORCS version 1.3.1 plib-devel (affected versions not specified) plib (affected versions not specified) plib-debuginfo (affected versions not specified) plib-debugsource (affected versions not specified) **Description** The issue involves a buffer overflow in the `ulSetError` function in `util/ulError.cxx` in PLIB, which can be exploited by remote attackers to execute arbitrary code via vectors involving a long error message. This can be demonstrated by a crafted acc file for TORCS. Additionally, multiple vulnerabilities in the plib package in openSUSE and Debian GNU/Linux operating systems can lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For PLIB version 1.8.5, consider disabling the `ulSetError` function until a patch is available. For TORCS version 1.3.1, avoid using crafted acc files that can trigger the buffer overflow in the `ulSetError` function. For plib-devel, plib, plib-debuginfo, and plib-debugsource, at the moment, there is no information about a newer version that contains a fix for this vulnerability.