Debian Security Advisory DSA 2853-1 (horde3 - remote code execution)
Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize PHP function. A remote attacker could specially-craft one of those variables allowing her to load and execute code...