Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "[having] other [security] issues too, not as bad as letting users take over your admin account, but bad too."
http://www.web-app.net/cgi-bin/index.cgi?action=forum&board=public_security&op=display&num=10380