You might also look at some of the exploits Kevin McCurley has on
the digicrime site. I don't think he's updated them for years, but
they're still there. James Muir has already pointed to some of the
similar exploits he's done.
The particular exploit that I think Paul is alluding to here (which I
haven't mentioned previously) is the following: in the latest Java API,
the constructor for the Socket class has been designed to allow
connections which by-pass proxies. So, if you have the Java 1.5 or
later VM enabled, you should beware that applets can open non-proxied
connections, regardless of both the proxy settings in your browser and
the proxy setting you set in the Java Control Panel.