Hacking News: Web Techniques


(DOMinator) Finding DOMXSS with dynamic taint propagation
(Non-Persistent) Untraceable XSS Attacks
.Net Cross Site Scripting – Request Validation Bypassing
“ASPXErrorPath in URL” Technique in Scanning a .Net Web Application
0DAY: QuickTime pwns Firefox
Using Cookies For Selective DoS and State Detection
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
Popup & Focus URL Hijacking
The curse of inverse strokejacking
Fooling B64_Encode(Payload) on WAFs and filters
2CAPTCHA Hax With TesserCap
Web pages Detecting Virtualized Browsers and other tricks
Breaking into a WPA network with a webpage
Stroke triggered XSS and StrokeJacking
Poisoning proxy caches using Java/Flash/Web Sockets
How to Conceal XSS Injection in HTML5
Expanding the Attack Surface
Chronofeit Phishing
Non-Obvious (Crypto) Bugs by Example
SQLi filter evasion cheat sheet (MySQL)
XSHM Mark 2
A brief description of how to become a CA
A different Opera
A Different Opera 
A more plausible E4X attack
A story that diggs itself
A Twitter DomXss, a wrong fix and something more
Aaron Patterson – Serialized YAML Remote Code Execution
ABC News (AU) XSS linking the reporter to Al Qaeda
About CSS Attacks
Abusing CDNs with SSRF Flash and DNS
Abusing Flash-Proxies for client-side cross-domain HTTP requests
Abusing HTML 5 Structured Client-side Storage 
Abusing HTTP Status Codes to Expose Private Information
Abusing PHP Sockets
Abusing PHP Sockets (1, 2)
Abusing XSLT for Practical Attacks
Account Hijackings Force LiveJournal Changes
Active Man in the Middle Attacks
ActiveX Repurposing 
ActiveX Repurposing, (1, 2)
Additional Image Bypass on Windows
Adultspace XSS Worm
Advanced Exploitation of Mozilla Firefox Use-After-Free Vulnerability (Pwn2Own 2014) CVE-2014-1512
Advanced SQL injection to operating system full control
Advanced SQL injection to operating system full control(whitepaper)
Advanced Web Attack Techniques using GMail
AIR Flash RCE from PWN2OWN
All Your Google Docs are Belong To US…
Angelo Prado, Neal Harris, Yoel Gluck – BREACH
Anonymizing RFI Attacks Through Google
Anti-DNS Pinning ( DNS Rebinding )
Anti-DNS Pinning ( DNS Rebinding ) : Online Demonstration 
Anti-DNS Pinning ( DNS Rebinding ) + Socket in FLASH
Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning
Apache Struts ClassLoader Manipulation Remote Code Execution 
Apache Struts ClassLoader Manipulation Remote Code Execution and Blog Post
Apple's Safari 4 also fixes cross-domain XML theft
Apple's Safari 4 fixes local file theft attack
Arbitrary TCP over uploaded pages
Ashar Javad Attack against Facebook’s password reset process.
ASP.NET 'Padding Oracle' Crypto Attack
AT&T Hack Highlights Web Site Vulnerabilities 
Attack - PDF Silent HTTP Form Repurposing Attacks
Attack Surface for Project Spartan’s EdgeHTML Rendering Engine
Attacking CAPTCHAs for Fun and Profit
Attacking HTTPS with Cache Injection
Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select)
Auto-Complete Hack by Hiding Filled in Input Fields with CSS
Autocomplete..again?!
Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem
Backdooring MP3 Files
Backdooring PDF Files
Backdooring QuickTime Movies
BEAST
Belkin Buffer Overflow via Web
BK for Mayor of Oak Tree View
Blended Threats and JavaScript
Blind SQL Injection: Inference through Underflow exception
Blind web server fingerprinting
Bonus Safari XXE (only affecting Safari 4 Beta)
Breaking Google Gears' Cross-Origin Communication Model 
Breaking HTTPS with BGP Hijacking
Breaking into a WPA network with a webpage
Browser Event Hijacking
Browser Port Scanning without JavaScript
Browser scheme/slash quirks
Browsers Anti-XSS methods in ASP (classic) have been defeated!
Browser's Ghost Busters
Bruteforce of PHPSESSID
Bruteforcing HTTP Auth in Firefox with JavaScript
Bruteforcing/Abusing search functions with no-rate checks to collect data
Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability
Building Subversive File Sharing With Client Side Applications
Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth)
Bypass port blocking in Firefox, Opera and Konqueror.
Bypass Surgery
Bypassing CAPTCHAs by Impersonating CAPTCHA Providers (1,2)
Bypassing CSP for fun, no profit
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
Bypassing Filters With Encoding
Bypassing Flash’s local-with-filesystem Sandbox
Bypassing HTTP Basic Authentication in PHP Applications (** potential rediscovery of: HTExploit – Bypassing .htaccess restrictions **)
Bypassing Chrome’s Anti-XSS filter
Bypassing Mozilla Port Blocking
Bypassing NoCAPTCHA
Bypassing of web filters by using ASCII 
Bypassing OWASP ESAPI XSS Protection inside Javascript
Bypassing URL Authentication and Authorization with HTTP Verb Tampering
Canadian Beacon
CAPTCHA Hax With TesserCap
CAPTCHA Re-Riding Attack
Carlos Munoz – Bypassing Internet Explorer’s Anti-XSS Filter
Circumventing DNS Pinning for XSS
Clickjacking & OAuth
Clickjacking / Videojacking 
Clickjacking Rootkits for Android (2)
Client-side SQL Injection Attacks
Close encounters of the third kind (client-side JavaScript vulnerabilities)
CNNINC SSL MitM
Code Execution Through Filenames in Uploads
Code Execution via XSS
Code Execution via XSS (1)
Cody Collier – Exposing Verizon Wireless SMS History
Collecting Lots of Free 'Micro-Deposits'
Common localhost dns misconfiguration can lead to "same site" scripting
Compromising an unreachable Solr Serve
Content Smuggling
Content-Disposition Hacking
Converting unimplementable Cookie-based XSS to a persistent attack
Cookie Eviction
Cookie Path Traversal
Cookiejacking
Covert Redirect Vulnerability Related to OAuth 2.0 and OpenID
Covert Timing Channels based on HTTP Cache Headers
Cracking hashes in the JavaScript cloud with Ravan
Cracking Ruby on Rails Sessions
Creating a rogue CA certificate
CRIME
Cross Context Scripting from within the Browser
Cross Domain Basic Auth Phishing Tactics
Cross domain content extraction with fake captcha
Cross Domain Leakage With Image Size
Cross Environment Hopping
Cross Site URL Hijacking by using Error Object in Mozilla Firefox
Cross-Browser Proxy Unmasking
Cross-domain leaks of site logins via Authenticated CSS 
Cross-domain search timing
Cross-protocol XSS with non-standard service ports
Cross-site File Upload Attacks
Cross-Site Identification (XSid)
Cross-Site Port Attacks
Cross-Site Printing (Printer Spamming)
Cross-subdomain Cookie Attacks
Crowd-sourcing mischief on Google Maps leads customers astray
Cryptophp Backdoor
CSRF And Ignoring Basic/Digest Auth
CSRF on Novell GroupWise WebAccess
CSRF token disclosure via iFRAME and CAPTCHA trickery 
CSRF with JSON – leveraging XHR and CORS
CSRF with MS Word
CSRF: Flash + 307 redirect = Game Over
CSRFing the uTorrent plugin
CSS :visited may be a bit overrated
CSS History Hack In Firefox Without JavaScript for Intranet Portscanning
CSS history hacking with evil marketing
CSS History Stealing Acts As Cookie
CSS-Only Clickjacking
CTA: The weaknesses in client side xss filtering targeting Chrome’s XSS Auditor
CUPS Detection
Cursorjacking again
De-cloaking in IE7.0 Via Windows Variables
Delta Boarding Pass Spoofing
Detecting browsers javascript hacks
Detecting Default Browser in IE
Detecting FireFox Extensions
Detecting IE in 12 bytes
Detecting Private Browsing Mode
Detecting Privoxy Users and Circumventing It
Detecting States of Authentication With Protected Images
Detecting users via Authenticated Redirects
DHCP Script Injection
Dialog Spoofing - Firefox Basic Authentication
Diminutive Worm, 161 byte Web Worm
DNS poisoning via Port Exhaustion
DNS Rebinding for Credential Brute Force
DNS Rebinding for Scraping and Spamming
DNS Rebinding on Java Applets
Dom Flow
DOMinator – Finding DOMXSS with dynamic taint propagation
DoS attacks via Abuse of Functionality vulnerabilities
Double eval() for DOM based XSS
Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames)
Drupal 7 Core SQLi
eDellRoot
Effects of DNS Rebinding On IE’s Trust Zones
Embedding SVG That Contains XSS Using Base64 Encoding in Firefox
Encoding Filter Bypass 
Encoding Filter Bypass (UTF-7, Variable Width, US-ASCII)
Enumerate Windows Users In JS
Enumerating logins via Abuse of Functionality vulnerabilities
Enumerating Through User Accounts
Eradicating DNS Rebinding with the Extended Same-Origin Policy
Evading All Web Application filters
Evading All* WAF XSS Filters
Evercookie
Exaggerating Timing Attack Results Via GET Flooding
Excel formula injection in Google Docs
Expanding the Attack Surface
Expanding the control over the operating system from the database
Expansions on FREAK attack
Expect Header Injection Via Flash
Exploitation of “Self-Only” Cross-Site Scripting in Google Code
Exploiting CSRF Protected XSS
Exploiting Facebook Application XSS Holes to Make API Requests
Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
Exploiting Logged Out XSS Vulnerabilities
Exploiting Second Life
Exploiting the unexploitable XSS with clickjacking
Exploiting Unexploitable XSS
Exploiting XSS in Ajax Web Applications
Exploiting XSS vulnerabilities on cookies
Exploiting XXE in File Parsing Functionality
Exploiting XXE in File Upload Functionality
Exponential XSS
Exponential XSS Attacks
Expression Language Injection
F5 and Acunetix XSS disclosure
Facebook hosted DDOS with notes app
Facebook: Memorializing a User
Father/Daughter Team Finds Valuable Facebook Bug
Favorites Gone Wild
File Download Injection
File Name Enumeration in Rails
File System API with HTML5 – Juice for XSS
FileCry
Filejacking: How to make a file server from your browser (with HTML5 of course)
Finding Weak Rails Security Tokens
Fireeye – Arbitrary reading and writing of the JVM process
Firefox 2 and WebKit nightly cross-domain image theft
Firefox cross-domain information theft (simple text strings, some CSV)
Firefox File Handling Woes
Firefox Header Redirection JavaScript Execution
Firefox Popup Blocker Allows Reading Arbitrary Local Files
Firefox XML injection into parse of remote XML
Firefox’s JAR: Protocol issues
Firefoxurl URI Handler Flaw
Flash Camera and Mic Remember Function and XSS
Flash clipboard Hijack
Flash Cookie Object Tracking
Flash Internet Explorer security model bug
Flash Origin Policy Issues
Flash Parameter Injection 
FlashFlood
Flickr's API Signature Forgery Vulnerability (MD5 extension attack)
Fooling B64_Encode(Payload) on WAFs and filters
Forget sidejacking, clickjacking, and carjacking: enter “Formjacking”
Forging HTTP request headers with Flash
Formaction Scriptless attack updates
Frame Injection Fun
FREAK(Factoring attack on RSA-Export Keys)
Free MacWorld Platinum Pass? Yes in 2008!
Fun with data: URLs
Generic cross-browser cross-domain theft
Get Internal Network Information with Java Applets
GIFAR 
Gmail - Google Docs Cookie Hijacking through PDF Repurposing &PDF
Google Adsense CSRF hole
Google Docs puts Google Users at Risk
Google Dorks Strike Again
Google Drive SSO Phishing
Google GMail E-mail Hijack Technique
Google Hacks On Your Behalf
Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation
Google Chrome/ChromeOS sandbox side step via owning extensions
Google Indexes XSS
Google plugs phishing hole
Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk
Google Two-Factor Authentication Bypass
Google Urchin password theft madness
Google User De-Anonymization
Google Vulnerable Code Dork
Governator Hack
Gravatar Email Enumeration in JavaScript
Hacker scans the internet
Hacking Auto-Complete (Safari v1, Safari v2 TabHack, Firefox,Internet Explorer)
Hacking CSRF Tokens using CSS History Hack
Hacking Facebook with HTML5
Hacking Intranets Through Web Interfaces
Hacking Intranets Via Brute Force
Hacking PayPal Accounts with 1 Click
Hacking RSS Feeds
Hacking without 0days: Drive-by Java
Hash Information Disclosure Via Collisions - The Hard Way
HashDOS: Effective Denial of Service attacks against web application platforms
Heartbleed
Hellfire for redirectors
Hidden XSS Attacking the Desktop & Mobile Platforms
Hiding JS in Valid Images
Hijacking Opera’s Native Page using malicious RSS payloads
Hijacking Safari 4 Top Sites with Phish Bombs
HikaShop Object Injection
HostGator: cPanel Security Hole Exploited in Mass Hack
Hostile Subdomain Takeover using Heroku/Github/Desk + more
Hostile Subdomain Takeover using Heroku/Github/Desk 
How Facebook lacked X-Frame-Options and what I did with it
How I hacked GitHub again
How I hacked Instagram to see your private photos
How I Hacked StackOverflow
How to Conceal XSS Injection in HTML5
How to defeat digg.com
How to get linked from Slashdot
How to get SQL query contents from SQL injection flaw
How To Own Every User On A Social Networking Site
How to upload arbitrary file contents cross-domain
How to upload arbitrary file contents cross-domain (2)
How to use Google Analytics to DoS a client from some website.
HOW TO: Spy on the Webcams of Your Website Visitors
HScan Redux
HTML/CSS Injections - Primitive Malicious Code
HTML+TIME XSS attacks
HTML5 Hard Disk Filler™ API
HTML5 new XSS vectors
HTML5 XSS
HTTP Parameter Pollution (HPP)
HTTP POST DoS
HTTP Proxies Bypass Firewalls
HTTP Response Splitting and Data: URI scheme in Firefox
Hunting ASynchronous Vulnerabilities
Hyperlink Spoofing and the Modern Web
Chrome addon hacking (2, 3, 4, 5)
Chrome and Safari users open to stealth HTML5 AppCache attack
Chronofeit Phishing
I know what your friends did last summer
I know what you've got (Firefox Extensions)
I know where you've been
I used to know what you watched, on YouTube (CSRF + Crossdomain.xml)
IE "Print Table of Links" Cross-Zone Scripting Vulnerability
IE 7 and Firefox Browsers Digest Authentication Request Splitting
IE Sends Local Addresses in Referer Header
IE11 RCE
IE6.0 Protocol Guessing
IE7.0 Detector
IE8 Link Spoofing - Broken Status Bar Integrity
IE9 Self-XSS Blackbox Protection bypass
Iframe HTTP Ping
IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation"
IIS6/ASP & file upload for fun and profit
illusoryTLS
Image Names Gone Bad
IMAP Vulnerable to XSS
Improving HTTPS Side Channel Attacks
Initiating Probes Against Servers Via Other Servers
Injecting the script tag into XML
Inline UTF-7 E4X javascript hijacking
Inter Protocol Exploitation
Internal Port Scanning via Crystal Reports
Internet Archiver Port Scanner
Internet Explorer 7 "mhtml:" Redirection Information Disclosure
iPhone SSL Warning and Safari Phishing
ISO-8859-1 Vulnerable in Firefox to Null Injection
itms Decloaking
James Bennett – Django DOS
Java Applet Same IP Host Access
Java Applet Same-Origin Policy Bypass via HTTP Redirect
Java Applet DNS Rebinding
Java Applets and DNS Rebinding
Java Deserialization w/ Apache Commons Collections in WebLogic, WebSphere, JBoss, Jenkins, and OpenNMS
Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem
Java JAR Attacks and Features
JavaScript Code Flow Manipulation
JavaScript Global Namespace Pollution
JavaScript Port Scanning
JavaScript Portscanning and bypassing HTTP Auth
JavaSnoop
Join a Religion Via CSRF
JSON Hijacking with UTF-7
JSON-based XSS exploitation
Jumping out of Touch Screen Kiosks
Kindle Touch (5.0) Jailbreak/Root and SSH
Large Scale Detection of DOM based XSS
Launch any file path from web page
Linksys E420 Authentication Bypass Disclosure
Local DoS on CUPS to a remote exploit via specially-crafted webpage
Local DoS on CUPS to a remote exploit via specially-crafted webpage (1)
LocalRodeo Detection
Location based XSS attacks
Login Detection without JavaScript
LogJam
Lost in Translation (ASP’s HomoXSSuality)
Lotus Notes Formula Injection
Lucky 13 Attack
Magic Hashes
Malformed URL in Image Tag Fingerprints Internet Explorer
Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user
Mario Heiderich – Mutation XSS
MD5 extension attack
Metaverse breached: Second Life customer database hacked
Microsoft ASP.NET Request Validation Bypass Vulnerability
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC)
Microsoft IIS 0-Day Vulnerability Parsing Files (semi‐colon bug)
Microsoft IIS with Metasploit evil.asp;.jpg
Microsoft SChannel Vulnerability
Million Browser Botnet Video Briefing
Millions of PDF invisibly embedded with your internal disk paths
Misfortune Cookie – TR-069 ACS Vulnerabilities in residential gateway routers
MITM attack to overwrite addons in Firefox
MitM DNS Rebinding SSL/TLS Wildcards and XSS
More Port Scanning - This Time in Flash
More URI Stuff… (IE’s Resource URI)
MSIE Flash 0day targeting french aerospace
MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency
Multi-pass filters bypass
Multiple Facebook Messenger CSRF’s
Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java
Multiviews Apache, Accept Requests and free listing
MX Injection : Capturing and Exploiting Hidden Mail Servers
MySQL and SQL Column Truncation Vulnerabilities
MySQL Stacked Queries with SQL Injection...sort of
NAT Pinning: Penetrating routers and firewalls from a web page
NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward)
Navigation Hijacking (Frame/Tab Injection Attacks)
.Net Cross Site Scripting – Request Validation Bypassing
Netflix.com XSRF vuln
Network Scanning with HTTP without JavaScript
New Evasions for Web Application Firewalls
New Methods in Automated XSS Detection: Dynamic XSS Testing Without Using Static Payloads
New PHPIDS vector
Next Generation Clickjacking
Nikon magazine hit with security breach
No Alnum JavaScript (cheat sheet, jjencode demo)
NODE.JS CONNECT CSRF BYPASS ABUSING METHODOVERRIDE MIDDLEWARE
Noisy Decloaking Methods
Non-Alpha-Non-Digit 3
Non-Obvious (Crypto) Bugs by Example
NoScript Bypass - "Reflective XSS" through Union SQL Poisoning Trick
NTLM Relay via HTTP to internet or stealing windows user hashes while using java client
NULLs in entities in Firefox
One vector to rule them all
OpenSSL CVE-2014-0224
Opera XSS vectors
Optimizing the number of requests in blind SQL injection
Our Favorite XSS Filters and how to Attack them
overwriting cookies on other people’s domains in Firefox. 
'Padding Oracle' Crypto Attack
'Padding Oracle' Crypto Attack (poet, Padbuster, demo,ASP.NET)
padding oracle web attack (poet, Padbuster, demo)
Paper on Hacking Intranets Using Websites (Not Web Browsers)
Parasitic computing using ‘Cloud Browsers’ (2)
Passing Malicious PHP Through getimagesize()
Password extraction from Ajax/DOM/HTML5 routine
Password mining from AWS/Parse Tokens
Pawn Storm (CVE-2015-7645)
Pawnstorm
Paypal Manager Account Hijack
PayPal Security Flaw allows Identity Theft
PDF XSS Can Compromise Your Machine
Penetrating Intranets through Adobe Flex Applications
Performing DDoS attacks with HTML5 Cross Origin Requests & WebWorkers
Permanent backdooring of HTML5 client-side application
Permanent backdooring of HTML5 client-side application [Apture example]
Persistent Cookies
Persistent Cookies and DNS Rebinding Redux
Persistent Cross Interface Attacks
Persistent SQL Injection
Phil Purviance – Don’t Use Linksys Routers
PHPIDS bypass
phpwn: Attack on PHP sessions and random numbers
Ping pong obfuscation
Pixel Perfect Timing Attacks with HTML5
Poisoning proxy caches using Java/Flash/Web Sockets
Poking new holes with Flash Crossdomain Policy Files
Poodle
Popup & Focus URL Hijacking
Port Scan without JavaScript
Port Scanning with HTML5 and JS-Recon
Posting raw XML cross-domain
Practical Timing Attacks using Mathematical Amplification of Time Difference in == Operator
Pulling system32 out over blind SQL Injection
Pure Java™, Pure Evil™ Popups
Pwning Opera Unite with Inferno’s Eleven
Pwning via SSRF (memcached, php-fastcgi, e
PXSS on long length videos to DOS
Quick Proxy Detection
Quicky Firefox DoS
Racing to downgrade users to cookie-less authentication
Random Number Security in Python
Rapid history extraction through non-destructive cache timing (v8)
RCE through mangled WAR upload into Tomcat App Manager using PUT-in-Gopher-over-XXE (1)
Read Firefox Settings (PoC)
Recursive DNS Resolver (DOS)
Recursive File Include DoS
Recursive Request DoS
Redirector’s hell
Reflected File Download
Relative Path Overwrite
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)
Res Timing Attack
Res Timing File Enumeration Without JavaScript in IE7.0
Res:// Protocol Local File Enumeration
Residential Gateway “Misfortune Cookie”
Response Splitting Filter Evasion
Results, Unicode Left/Right Pointing Double Angle Quotation Mark
Re-visiting JAVA De-serialization: It can't get any simpler than this !!
RevSlider
RFC 1918 Blues
RFC1918 Caching Security Issues
Rosetta Flash
Ruby on Rails Session Termination Design Flaw
Safari Carpet Bomb
Safari pwns Internet Explorer
Same Origin Bypass in Adobe Reader CVE-2014-8453
Same Origin Bypassing Using Image Dimensions
Same Origin Spoofing to Attack Client Certificate Sessions
Scanning internal Lan with PHP remote file opening.
Scraping & Spamming
Selecting Encoding Methods For XSS Filter Evasion
Server Side Template Injection
Server-Side Template Injection: RCE for the Modern Web App
Session Extending
Session Fixation
Session Fixation Via DNS Rebinding
Session Puzzling (aka Session Variable Overloading)
setTimeout Clickjacking
Severe XSS in Google and Others due to the JAR protocol issues
ShellShock
Side Channel Attacks in SSL
Site Plagiarizes Blog Posts, Then Files DMCA Takedown on Originals
Skype cross-zone scripting vulnerability
Slideshare
Slowloris HTTP DoS
SMB Decloaking
SMBEnum
SMTP Injection via Recipient Email Address
Smuggling SMTP through open HTTP proxies
SNMP XSS Attack
Soaksoak WordPress Malware
Social Networks Evil Twin Attacks
Socket Capable Browser Plugins Result In Transparent Proxy Abuse
Spoofing Firefox protected objects
SpyTunes: Find out what iTunes music someone else has
SQL Smuggling
SQLi filter evasion cheat sheet (MySQL)
SSID Script Injection
St. Louis Federal Reserve DNS Redirect
Steal History without JavaScript
Stealing Basic Auth with Persistent XSS
Stealing entire Auto-Complete data in Google Chrome
Stealing Mouse Clicks for Banner Fraud
Stealing Pictures with Picasa
Stealing Search Engine Queries with JavaScript
Stealing User Information Via Automatic Form Filling
Stealth Cookie Stealing (new XSS technique)
Steam Browser Protocol Insecurity
Stiltwalker, exploits weaknesses in the audio version of reCAPTCHA
Stored XSS Vulnerability @ Amazon
Stripping Referrer for fun and profit
Stroke triggered XSS and StrokeJacking
Strokejacking
Struts 2 OGNL Double Evaluation RCE
Stuffing Javascript into DNS names
Superfish SSL MitM
SurveyMonkey: IP Spoofing
Tabnabbing: A New Type of Phishing Attack
Tapjacking: owning smartphone browsers
Temporal Session Race Conditions Video 2
Text-based CAPTCHA Strengths and Weaknesses
The “I Know…” series. What websites know about you
The Attack of the TINY URLs
The Case of the Unconventional CSRF Attack in Firefox
The curse of inverse strokejacking
The Failure of Noise-Based Non-Continuous Audio Captchas
The New Age of XXE
The old is new, again. CVE-2011-2461 is back!
The PayPal 2FA Bypass
The Unexpected Dangers of Dynamic JavaScript
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
There’s an OAK TREE in my blog!?!?!
Timing Attacks on CSS Shaders
Timothy Morgan – What You Didn’t Know About XML External Entity Attacks
Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval
Top 3 Proxy Issues That No One Ever Told You
Top-Level Universal XSS
Tor Hidden-Service Passive De-Cloaking
Total surveillance made easy with VoIP phone
Tracking users that block cookies with a HTTP redirect
Tunneling TCP over HTTP over SQL Injection 
Tunneling tcp over http over sql-injection
Turn Any Page Into A Greasemonkey Popup
Turning XSS into Clickjacking
TweetDeck XSS
Twitter misidentifying context
UI Redressing Mayhem: Firefox 0-Day And The LeakedIn Affair
UI Redressing Mayhem: HTTPOnly Bypass PayPwn Style
UI Redressing: Attacks and Countermeasures Revisited
Unauthenticated Backup and Password Disclosure In HandsomeWeb SOS Webpages CVE-2014-3445
Unauthorized TinyURL URL Enumeration Vulnerability
Understanding and Managing Entropy Usage
Universal XSS in Adobe’s Acrobat Reader Plugin
Universal XSS in IE8
Untangling The DOM For More Easy-Juicy Bugs
UPnP Hacking via Flash
URL Hiding - new method of URL Spoofing attacks
URL Spoofing vulnerability in bots of search engines 
URL Spoofing vulnerability in bots of search engines (#2)
Username Enumeration Timing Attacks (Sensepost)
Username Enumeration Vulnerabilities
Using Blended Browser Threats involving Chrome to steal files on your computer
Using Cookies For Selective DoS and State Detection
Using Cross-domain images in WebGL and Chrome 13
Using CSS to De-Anonymize
Using HTTP headers pollution for mobile networks attacks (2)
Using POST method to bypass IE-browser protected XSS
Using the HTML5 Fullscreen API for Phishing Attacks
Using WordPress as a intranet and internet port scanner
Using your browser URL history to estimate gender
Variable Width Encoding
Visitor Tracking Without Cookies (or How To Abuse HTTP 301s)
Weaknesses in RC4
Web Browser History Stealing
Web Browser Intranet Hacking / Port Scanning 
Web Mayhem: Firefox’s JAR: Protocol issues
Web pages Detecting Virtualized Browsers and other tricks
Web Timing Attacks Made Practical
Web Worms
Who Are You? A Statistical Approach to Protecting LinkedIn Logins(CSS UI Redressing Issue)
Widespread XSS for Google Search Appliance
Will it Blend?
Winning the Online Banking War
WordPress Core RCE
Xanga Hit By Script Worm
X-Frame-Options (XFO) Detection from Javascript
XML Intranet Port Scanning
XMLHTTPRequest “Ping” Sweeping in Firefox 3.5+
XSHM Mark 2
XSS Fragmentation Attacks
XSS in Skype for iOS
XSS Relocation Attacks through Word Hyperlinking
XSS Vulnerabilities in Common Shockwave Flash Files
XSS: Gaining access to HttpOnly Cookie in 2012
XSSing client-side dynamic HTML includes by hiding HTML inside images and more
XSS-Track as a HTML5 WebSockets traffic sniffer
XSS-Track: How to quietly track a whole website through single XSS
Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency
Yes, you can have fun with downloads
Zach Cutlip – Remote Code Execution in Netgear routers