Yahoo Multiple Vulnerabilities Various Yahoo! services are vulnerable to authentication bypass, session binding, weak cookie encoding, cross-site scripting file inclusion and url redirection vulnerabilities, which is caused due to improper validation of user-supplied inputs. 1. Authentication Bypass and Session Binding Vulnerability. A malicious user can log on to the yahoo without submitting the username and password by constructing a malicious URL using cookies. 2. Cookie Encoding Security Weakness 3. Cross-Site Scripting. 4. URL redirection. Full Story in http://www.xdisclose.com __________________________________________________________________________
