Fix the user input for domainnames: I'm able to enter non ascii chars
XSS: http://www.co.vu/search?domain=<marquee>; http://www.co.vu/dnssettings/createrecord?domain=%3E%3Cmarqu...
Full path disclosure (and maybe even SQL injections possible): http://www.co.vu/dnssettings?domain=
Access other users DNS (even without login): http://www.co.vu/dnssettings/dnsrecords?domain=notmydomain
OpenDir (showing server software used): http://www.co.vu/img/posterous/