Vulnerabilities Found in Blur6ex

Subject: Multiple vulnerabilities in Blur6ex
Date: Wed Apr 12 20:04:15 EDT 2006

Type of Vulnerabilities:
- XSS (Cross-Site Scripting): Via parameter in .
- Directory Traversal: Via parameter in .

Affected Version: Blur6ex 0.3.462

Key Findings:
- The vulnerability found with the parameter was identified as a primary issue.
- Directory traversal vulnerability arises due to the parameter's use in an unsafe manner in the statement without apparent cleansing.
- Arbitrary PHP files might be included and executed using sequences.
- A potential null character injection could be exploited to access files of any extension.

References:
- Mis-diagnosed XSS bugs hiding worse issues due to PHP feature. Bugtraq, April 1, 2006

Reference Note: Analysis is based solely on source code inspection, without practical testing of the product.
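
A hardened form of the file-inclusion pattern described under Key Findings, as an added example that is not Blur6ex code. It assumes the request value selects a PHP file to include; `MODULES`, `resolve_module`, the module file names and the contrasted vulnerable line are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request value => file name under the module directory.
const MODULES = [
    'blog'    => 'blog.php',
    'gallery' => 'gallery.php',
];

/**
 * Map an untrusted request value to an includable path, or null to reject it.
 */
function resolve_module(string $name, string $baseDir): ?string
{
    // Only exact allowlist keys pass; traversal sequences and NUL bytes never match a key,
    // so the untrusted string itself is never concatenated into a path.
    if (!array_key_exists($name, MODULES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . MODULES[$name]);
    // Defence in depth: the resolved file must exist and stay inside the base directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Assumed vulnerable pattern, shown only for contrast and not executed:
//   include 'modules/' . $_GET['name'] . '.php';

// Constructed demo: a temporary module directory containing one allowlisted file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mod_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'blog.php', "<?php echo 'blog';");

// Constructed inputs: a valid key, a traversal string, a NUL-suffixed key, a missing file.
foreach (['blog', '../../etc/passwd', "blog\0.txt", 'gallery'] as $input) {
    $resolved = resolve_module($input, $dir);
    printf("%-20s => %s\n", addcslashes($input, "\0"), $resolved ?? 'rejected');
}

unlink($dir . DIRECTORY_SEPARATOR . 'blog.php');
rmdir($dir);
```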