The Horde_Ldap library prior to 2.0.6 for Horde allows remote malicious users to bypass authentication by leveraging knowledge of the LDAP bind user DN.
horde horde ldap