UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of service (infinite loop) via crafted BBCode tags.
http://www.vupen.com/english/advisories/2009/3222
http://www.usebb.net/community/topic-post9775.html
http://www.usebb.net/community/topic-2388.html