Journal article, Journal of Cryptology, Year: 2016

New Second-Preimage Attacks on Hash Functions

Abstract

In this work we present several new generic second-preimage attacks on hash functions. Our first attack is based on the herding attack, and applies to various Merkle-Damgård-based iterative hash functions. Compared to the previously known long-message second-preimage attacks, our attack offers more flexibility in choosing the second message in exchange for a small computational overhead. More concretely, in our attacks, the adversary may replace only a small number of blocks to obtain the second preimage. As a result, the new attack is applicable to hash function constructions which were thought to be immune to the previously known second-preimage attacks. Such designs are the dithered hash proposal of Rivest, Shoup's UOWHF, and the ROX construction. We also suggest a few time-memory-data tradeoff variants for this type of attack, allowing for a faster online phase, and even allowing attacks on significantly shorter messages than before. We follow and analyze the properties of the dithering sequence used in Rivest's hash function proposal, and develop a time-memory tradeoff which allows us to apply our second-preimage attack to a wider range of dithering sequences, including sequences which are much stronger than those in Rivest's proposals. Parts of our results rely on the kite generator, a new time-memory tradeoff tool. In addition to the analysis of the Merkle-Damgård-like constructions, we analyze the security of the basic tree hash construction. We exhibit several second-preimage attacks on this construction, whose most notable variant is the time-memory-data tradeoff attack. Finally, we show how both the existing second-preimage attacks and our new attacks can be applied even more efficiently when multiple shorter target messages, rather than a single long one, are given.
Main file
article.pdf (659.36 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01654410, version 1 (01-03-2020)

Cite

Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, Pierre-Alain Fouque, Jonathan Hoch, et al. New Second-Preimage Attacks on Hash Functions. Journal of Cryptology, 2016, 29 (4), pp. 657-696. ⟨10.1007/s00145-015-9206-4⟩. ⟨hal-01654410⟩