CVE-2025-57698

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function installpluginupload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to filepath without checking the validi...

AstrBot contains a directory traversal vulnerability

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function installpluginupload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to filepath without checking the validi...

CVE-2025-57697

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

AstrBot 安全漏洞

AstrBot is a multi-platform LLM chatbot and development framework open-sourced by AstrBot. A security vulnerability exists in AstrBot version v3.5.22, which stems from the encodeimagebs64 function not verifying the legitimacy of an image path, which could lead to arbitrary file reads and data lea...

Samba read_nttrans_ea_list Integer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/struct2' class MetasploitModule 'Samba readnttransealist Integer Overflow', 'Description' = %q Integer overflow in the readnttransealist function in nttrans...

zTree Cross Site Scripting Vulnerability

zTree is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ztreeproject:ztree";...

Security fix for the ALT Linux 6 package samba version 3.5.22-alt0.M60P.1

3.5.22-alt0.M60P.1 built Feb. 24, 2015 Andrey Cherepanov in task 140944 Feb. 23, 2015 Andrey Cherepanov - 3.5.22 + fixes CVE-2015-0240 security flaw in the smbd file server daemon...

Samba read_nttrans_ea_list Integer Overflow

Integer overflow in the readnttransealist function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service memory consumption via a malformed packet. Important Note: in order to work, the "ea support" option o...

Samba 3.5.223.6.174.0.8 - nttrans Reply Integer Overflow

Samba 3.5.223.6.174.0.8 - nttrans Reply Integer Overflow Exploitation: samba nttrans reply integer overflow / \ / \ | || | | | \ / / . || | | | / | handlenttrans +- callnttransactcreate // transact! - readnttrnsealistvulnerable function security bug analyze smbd/nttrans.c ---- snip ---- snip ----...