Cross-Site Printing (Printer Spamming)
Stealing Pictures with Picasa
HScan Redux
ISO-8895-1 Vulnerable in Firefox to Null Injection
MITM attack to overwrite addons in Firefox
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC)
Non-Alpha-Non-Digit 3
Steal History without JavaScript
Pure Java™, Pure Evil™ Popups
Google Adsense CSRF hole
There's an OAK TREE in my blog!?!?!
BK for Mayor of Oak Tree View
Google Docs puts Google Users at Risk
All Your Google Docs are Belong To US...
Java Applets and DNS Rebinding
Scanning internal Lan with PHP remote file opening.
Firefox File Handling Woes
Firefoxurl URI Handler Flaw
Bugs in the Browser: Firefox's DATA URL Scheme Vulnerability
Multiviews Apache, Accept Requests and free listing
Optimizing the number of requests in blind SQL injection
Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth)
Port Scan without JavaScript
Favorites Gone Wild
Cross-Browser Proxy Unmasking
Spoofing Firefox protected objects
Injecting the script tag into XML
Login Detection without JavaScript
Anti-DNS Pinning ( DNS Rebinding ) : Online Demonstration
Username Enumeration Timing Attacks (Sensepost)
Google GMail E-mail Hijack Technique
Recursive Request DoS
Exaggerating Timing Attack Results Via GET Flooding
Initiating Probes Against Servers Via Other Servers
Effects of DNS Rebinding On IE's Trust Zones
Paper on Hacking Intranets Using Websites (Not Web Browsers)
More Port Scanning - This Time in Flash
HTTP Response Splitting and Data: URI scheme in Firefox
Res:// Protocol Local File Enumeration
Res Timing Attack
IE6.0 Protocol Guessing
IE 7 and Firefox Browsers Digest Authentication Request Splitting
Hacking Intranets Via Brute Force
Hiding JS in Valid Images
Internet Archiver Port Scanner
Noisy Decloaking Methods
Code Execution Through Filenames in Uploads
Cross Domain Basic Auth Phishing Tactics
Additional Image Bypass on Windows
Detecting users via Authenticated Redirects
Passing Malicious PHP Through getimagesize()
Turn Any Page Into A Greasemonkey Popup
Enumerate Windows Users In JS
Anti-DNS Pinning ( DNS Rebinding ) + Socket in FLASH
Iframe HTTP Ping
Read Firefox Settings (PoC)
Stealing Mouse Clicks for Banner Fraud
(Non-Persistent) Untraceable XSS Attacks
Inter Protocol Exploitation
Detecting Default Browser in IE
Bypass port blocking in Firefox, Opera and Konqueror.
LocalRodeo Detection
Image Names Gone Bad
IE Sends Local Addresses in Referer Header
PDF XSS Can Compromise Your Machine
Universal XSS in Adobe's Acrobat Reader Plugin
Firefox Popup Blocker Allows Reading Arbitrary Local Files
IE7.0 Detector
overwriting cookies on other people's domains in Firefox.
Embeding SVG That Contains XSS Using Base64 Encoding in Firefox
Firefox Header Redirection JavaScript Execution
More URI Stuff... (IE's Resouce URI)
Hacking without 0days: Drive-by Java
Google Urchin password theft madness
Username Enumeration Vulnerabilities
Client-side SQL Injection Attacks
Content-Disposition Hacking
Flash Cookie Object Tracking
Java JAR Attacks and Features
Severe XSS in Google and Others due to the JAR protocol issues
Web Mayhem: Firefox's JAR: Protocol issues (bugzilla)
0DAY: QuickTime pwns Firefox
Exploiting Second Life