Users are sometimes reporting that when they try to navigate to the
homepage of my website they are getting a runtime error. The error is
the generic .NET message (Server Error in '/' Application... etc...)

The website is http://www.unitville.com/

The users are not giving me any more information, but more than one
person has reported it. I cannot reproduce this problem, nor can
anybody that I have asked.

Can you post a comment if you are successful or unsuccessful when
navigating to the page.

The winner is the person who sees the error and can tell me the steps
to reproduce it.

Works for me running Firefox under Linux. ;-)

Under vmware when I run IE the site loads fine.  I did find a problem
when I clicked on the "Create a printable Newsletter" link.  Doing
that causes a notification by the IE popup blocker and then page
immediately refreshes to the main page giving me no chance to allow or
display the popup.  Same thing happens with the answerboard.

No .NET crashes

Oh one other thing.  I registered for an account and uploaded a random
file for my picture.  I changed a .exe to .jpg and it uploaded fine. 
You may want to restrict picture uploading to paying users, as it may
be a considerable security risk to allow anyone to upload stuff and
then subsequently pull it down.

For example I could create a bogus account upload warez/music/xxx
pictures and then post a URL somewhere with a link to the content.

The file I uploaded was ymesuite.jpg (renamed from ymesuite.exe) which
is the yahoo music engine (random file pulled from my vmware desktop).
 I verified that I could pull it down by going here:

http://www.unitville.com/photos//ymesuite.jpg

Oh woops...as I was composing this I did trigger the error.  When
updating my profile I used <table> (i.e. an html tag) in my nickname. 
You really really need to make sure you sanitize the data people put
in those boxes.  I notice most of your validation is client side. 
This is very dangerous as a malicious user may be able circumvent that
and stick total garbage in your membership database.

Ok one last thing.  Changing my name to & shows an ampersand
instead of & for my name when I go to create a newsletter.  This
means you're not sanitizing the information when you push back out of
the database.  It might actually be possible for me to steal other
member's private info by exploiting this property.  Imagine if I could
get some arbitrary html (say form elements) into some of these fields
and then trick other members into filling out those elements while
assuming the data will go to you and it instead goes to me.

When you write an application like this you have to make assumptions
that the user is going to do whatever is in their power to mess up
your app.