Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp.
marc.info/?l=bugtraq&m=109630777608244&w=2
secunia.com/advisories/12658
securitytracker.com/id?1011419
www.securityfocus.com/bid/11250
exchange.xforce.ibmcloud.com/vulnerabilities/17498
exchange.xforce.ibmcloud.com/vulnerabilities/17500
exchange.xforce.ibmcloud.com/vulnerabilities/17501
exchange.xforce.ibmcloud.com/vulnerabilities/17502