Yahoo Multiple Vulnerabilities

Various Yahoo! services are vulnerable to authentication bypass, session
binding, weak cookie encoding, cross-site scripting file inclusion and url
redirection vulnerabilities, which is caused due to improper validation of
user-supplied inputs.

*. Authentication Bypass and Session Binding Vulnerability.
A malicious user can log on to the yahoo without submitting the username
and password by constructing a malicious URL using cookies.
2. Cookie Encoding Security Weakness
*. Cross-Site Scripting.
4. URL redirection.

Full Story in [URL="http://www.xdisclose.com"]http://www.xdisclose.com[/URL]


_________________________________________________________________