Password Transmitted Over HTTP
Url: http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=
Form target action:
Classification: PCI 2.0 6.5.4; PCI 1.2 6.5.9; OWASP A9; CWE 319; CAPEC 65; WASC 04
Vulnerability Details: Netsparker identified that password data is sent over HTTP.
Impact: If an attacker can intercept network traffic, he/she can steal users' credentials.

Cookie Not Marked As HttpOnly
Url: http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=
Identified Cookie: PHPSESSID
Classification: CWE 16; CAPEC 107; WASC 15
Vulnerability Details: The cookie was not marked as HttpOnly. HttpOnly cookies cannot be read by client-side scripts; therefore marking a cookie as HttpOnly can provide an additional layer of protection against Cross-site Scripting attacks.
Impact: During a Cross-site Scripting attack, an attacker might easily access cookies and hijack the victim's session.

Auto Complete Enabled
Url: http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=
Identified Field Name: amember_remote_login
Classification: CWE 16; WASC 15
Vulnerability Details: "Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".
Impact: Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used on shared computers such as those in cyber cafes or airport terminals.

PHP Version Disclosure
Certainty:
Url: http://www.heidymodel.com/
Extracted Version: 5.2.9
Classification: PCI 1.2 6.5.6; OWASP A6; CWE 16; CAPEC 170; WASC 45
Vulnerability Details: Netsparker identified that the target web server is disclosing the PHP version in its HTTP response. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.
Impact: An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

[Possible] Internal Path Leakage (*nix)
Certainty:
Url: http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=3
Identified Internal Path(s): /proc/self/fd/2\0.php
Parameter Name: amember_remote_login
Parameter Type: Post
Attack Pattern: ../../../../../../../../../../proc/self/fd/2.php
Classification: PCI 1.2 6.5.6; CWE 200; CAPEC 118; WASC 13
Vulnerability Details: Netsparker identified an internal path in the document.
Impact: There is no direct impact; however, this information can help an attacker either to identify other vulnerabilities or during the exploitation of other identified vulnerabilities.

[Possible] Internal Path Leakage (*nix)
Certainty:
Url: http://www.heidymodel.com/amember_remote/
Identified Internal Path(s): /proc/self/fd/2\0.php
Parameter Name: amember_remote_login
Parameter Type: Post
Attack Pattern: ../../../../../../../../../../proc/self/fd/2.php
Classification: PCI 1.2 6.5.6; CWE 200; CAPEC 118; WASC 13
Vulnerability Details: Netsparker identified an internal path in the document.
Impact: There is no direct impact; however, this information can help an attacker either to identify other vulnerabilities or during the exploitation of other identified vulnerabilities.