On the current stable demo page, I am able to do a basic form of an attack that could be exploited and cause a denial of service on the system.
Steps needed to perform this attack:
1. Log in as the Administrator via (admin/test)
2. Go to "Administration" tab
3. Click on "Manage Forms" link
4. Click on "Add Form"
5. Enter "Attack Form" under Name
6. Enter "1" as the version Number
7. For the upload portion since there is no checking on the file type or size, a user can upload large files into the form database.
A person could set up a script to do this continuously, which would put more storage into the database and cause a denial of service on the system due to there being no more space for other users to write to the database.