Next generation malware: Windows Vista's gadget API Windows has had the ability to embed HTML into it's user interface for many years. Right back to and including Windows NT 4.0, it has been possible to embed HTML into the task bar, but the OS has always maintained a sandbox, from which the HTML has been unable to escape. All this changes with Windows Vista.
Tunnelling HTTP Traffic Through XSS Channels: XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies. This paper explains the idea and the real world implementation. .
Download hereHaving Fun With PostgreSQL: PostgreSQL is one of the most commonly used open source database management systems. This paper describes weaknesses in the PostgreSQL configuration that may be abused for privilege escalation, as well as remote command execution and the uploading of arbitrary files to the system.
Download Here