Multiple Vulnerabilities in Yahoo! Web Services

My friend Rajesh Sethumadhavan has published an advisory about multiple vulnerabilities in many Yahoo services.

The advisory provides some proof of concept exploits and screenshots of authentication bypass, session binding, weak cookie encoding, cross-site scripting, file inclusion and url redirection vulnerabilities, which are caused due to improper validation of user-supplied inputs.
read more

Here is one news report about this vulnerability published in securitypronews.com