Two unchecked buffer conditions exists in the WebBBS software located in the search function and in the new user signup function.
By using an overly long search string it is possible to
cause a denial of service attack against a remote server. In addition, by sending a user
name of 896 bytes (user name + EIP pointer) a buffer overrun will occur, thereby allowing
an intruder to run code on the remote system.
The author is aware of the problem but has not released a correct version. WebBBS Home Page