CVE-2008-6755
ZoneMinder 1.23.3 on Fedora 10 leaves /etc/zm.conf owned by the apache user and 0600-permissioned. This weakens protection of the configuration file and allows remote attackers to modify it via a web-accessible PHP or CGI script. The described vulnerability is limited to file ownership/permission...