Exploitable bug !

I no coment how can be locally or remotly exploitable, but this is a sirius trouble.

I see logs files have wrong permision.
(log files located unde .var/domain/logs/ )

root:iworx transfer.log
root:iworx error.log

This too files really need have permision of site and no root:iworx , because its super easy make this files eat all space of all hard disk.
Under site permision quota stop the file at limited space of site, but without correct permision this file use all space of HD with simple php scrip, and with easy remote bombing to site.

I recomend to iworx, change permision of that files inmediatly, and make publisc patch.