Bypassing Flash's local-with-filesystem Sandbox
Abusing HTTP Status Codes to Expose Private Information
SpyTunes: Find out what iTunes music someone else has
CSRF: Flash + 307 redirect = Game Over
Close encounters of the third kind (client-side JavaScript vulnerabilities)
Tracking users that block cookies with a HTTP redirect
The Failure of Noise-Based Non-Continuous Audio Captchas
Kindle Touch (5.0) Jailbreak/Root and SSH
NULLs in entities in Firefox
Timing Attacks on CSS Shaders
CSRF with JSON -- leveraging XHR and CORS
Double eval() for DOM based XSS
Hidden XSS Attacking the Desktop & Mobile Platforms
Rapid history extraction through non-destructive cache timing (v8)
Lotus Notes Formula Injection
Stripping Referrer for fun and profit
How to upload arbitrary file contents cross-domain (2)
Exploiting the unexploitable XSS with clickjacking
How to get SQL query contents from SQL injection flaw
XSS-Track as a HTML5 WebSockets traffic sniffer
Cross domain content extraction with fake captcha
Autocomplete..again?!
JSON-based XSS exploitation
DNS poisoning via Port Exhaustion
Java Applet Same-Origin Policy Bypass via HTTP Redirect
HOW TO: Spy on the Webcams of Your Website Visitors
Launch any file path from web page
Crowd-sourcing mischief on Google Maps leads customers astray
BEAST
Bypassing Chrome's Anti-XSS filter
XSS in Skype for iOS
Cookiejacking
Stealth Cookie Stealing (new XSS technique)
SurveyMonkey: IP Spoofing
Using Cross-domain images in WebGL and Chrome 13
Filejacking: How to make a file server from your browser (with HTML5 of course)
Exploitation of "Self-Only" Cross-Site Scripting in Google Code
Expression Language Injection
(DOMinator) Finding DOMXSS with dynamic taint propagation
Facebook: Memorializing a User
How To Own Every User On A Social Networking Site
Text-based CAPTCHA Strengths and Weaknesses
Session Puzzling (aka Session Variable Overloading) Video 1, 2, 3, 4
Temporal Session Race Conditions Video 2
Google Chrome/ChromeOS sandbox side step via owning extensions
Excel formula injection in Google Docs
Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames)
CAPTCHA Hax With TesserCap
Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java
Abusing Flash-Proxies for client-side cross-domain HTTP requests [slides]