Dropbear sshd versions 2015.71 and below suffer from a command injection vulnerability via xauth. An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. The newline acts as a command separator to the xauth binary. This attack requires the server to have 'X11Forwarding yes' enabled. Disabling it, mitigates this vector.
8129326c102e22e1da62a2fd903c2546c85eba1fd49af454ec0eeb8768c919e3
OpenSSH versions 7.2p1 and below suffer from a command injection and /bin/false bypass vulnerability via xauth.
21d775c0fcb1c084c005d795ca4e1b1a4ba34f84303ab3202fc620f0852d90ee
Confluence Wiki versions 3.5.9, 4.0.3, and 4.1.4 suffer from a cross site scripting vulnerability.
9bcf399a2e8ea5531b3605b2128bf6b02fa2c55f7a7dea89f867a811b06a28d7