CERT

Cross Site Scripting Vulnerabilities on Major Websites (pdf)
Detailed paper on the risk of ActiveXs (pdf)
Vulnerability Note VN-98.07 Back Orifice
Advisory CA-1999-01 Trojan horse version of TCP Wrappers
Advisory CA-1999-02 Trojan Horses
Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests
Advisory CA-2000-04 Love Letter Worm
Advisory CA-2000-12 ActiveX Control Allows Local Files to be Executed
Incident Note IN-99-02 Happy99.exe Trojan Horse
Incident Note IN-2000-01 Windows Based DDOS Agents
Incident Note IN-2000-02 Exploitation of Unprotected Windows Networking Shares
Incident Note IN-2000-03 911 Worm
Incident Note IN-2000-06 Exploitation of "Scriptlet.Typelib" ActiveX Control
Incident Note IN-2000-07 Exploitation of Hidden File Extensions