Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.
https://bugs.tryton.org/issue3446
http://www.tryton.org/posts/security-release-for-issue3446.html