Debian Linux Security Advisory 2853-1 - Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially-crafted one of those variables allowing her to load and execute code.
0d04b90771e0f3ac7ebe670486cf9a41d92e4aee95c54d516f3e78cb2a963e1d