Public Yahoo! bug reports.

Team Bounty Title
Yahoo! - Blind Sql Injection
Yahoo! $250 Yahoo! Reflected XSS
Yahoo! $50 Default /docs folder of PHPBB3 installation on
Yahoo! $200 Yahoo Sports Fantasy Golf (Join Public Group)
Yahoo! - Open Redirect via Request-URI
Yahoo! - Multiple vulnerabilities
Yahoo! $100 Testing for user enumeration (OWASP‐AT‐002) -
Yahoo! $50 Authorization issue on
Yahoo! -
Yahoo! $250 Infrastructure and Application Admin Interfaces (OWASP‐CM‐007)
Yahoo! - Authentication Bypass due to Session Mismanagement
Yahoo! - Yahoo! Messenger v11.5.0.228 emoticons.xml shortcut Value Handling Stack-Based Buffer Overflow
Yahoo! - Loadbalancer + URI XSS #3
Yahoo! $300 information disclosure (LOAD BALANCER + URI XSS)
Yahoo! $500 - XSS (STORED)
Yahoo! $250 readble .htaccess + Source Code Disclosure (+ .SVN repository)
Yahoo! $2,500 Local File Include on
Yahoo! - clickjacking on leaving group(flick)
Yahoo! - Unvalidate open url redirection
Yahoo! $400 - CSRF/email disclosure
Yahoo! $500 XSS in
Yahoo! $250 Bypass of the Clickjacking protection on Flickr using data URL in iframes
Yahoo! $2,000 Open Proxy,, 4/09/14, #SpringClean
Yahoo! $200 CSRF Token is missing on DELETE message option on
Yahoo! $400 CSRF Token missing on
Yahoo! $3,000 REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*, 4/6/14, #SpringClean
Yahoo! $500 Comment Spoofing at
Yahoo! $1,000 Header injection on
Yahoo! $250 Cross-origin issue on
Yahoo! $300 reflected XSS,, 4/8/14, #SpringClean
Yahoo! $500 Significant Information Disclosure/Load balancer access,, 4/8/14, #SpringClean
Yahoo! - Information Disclosure,,6-april-2014, #SpringClean
Yahoo! $100 XSS in Yahoo! Web Analytics
Yahoo! - Out of date version
Yahoo! $800 From Unrestricted File Upload to Remote Command Execution
Yahoo! - Open redirect on
Yahoo! - Open URL Redirection
Yahoo! $500 Server Side Request Forgery
Yahoo! - Almost all the subdomains are infected.
Yahoo! - Stored Cross Site Scripting Vulnerability in Yahoo Mail
Yahoo! $250 XSS Vulnerability (
Yahoo! - Clickjacking at
Yahoo! - Authentication bypass at
Yahoo! $1,000 SQL Injection ON HK.Promotion
Yahoo! $100 configuration file disclosure
Yahoo! - Yahoo mail login page bruteforce protection bypass
Yahoo! - Yahoo open redirect using ad
Yahoo! - Reflected XSS in
Yahoo! $1,500 XSS on Every page
Yahoo! $1,276 HK.Yahoo.Net Remote Command Execution
Yahoo! - Insufficient validation of redirect URL on login page allows hijacking user name and password
Yahoo! - In Fantasy Sports iOS app, signup page is requested over HTTP
Yahoo! $1,390 Local file inclusion
Yahoo! - A csrf vulnerability which add and remove a favorite team from a user account.
Yahoo! - XSS Reflected - Yahoo Travel
Yahoo! $3,705 SQLi on
Yahoo! $750 Flickr: Invitations disclosure (resend feature)
Yahoo! $800 HTML Injection on flickr screename using IOS App
Yahoo! - URL Redirection
Yahoo! - Yahoo YQL Injection?
Yahoo! - HTML Code Injection
Yahoo! - Vulnerability found, XSS (Cross site Scripting)
Yahoo! - ClickJacking on
Yahoo! - Authentication Bypass in Yahoo Groups
Yahoo! - clickjacking
Yahoo! $800 XSS in my yahoo
Yahoo! $2,500 Security.allowDomain("*") in SWFs on allows data theft from Yahoo Mail (and others)
Yahoo! - Directory Traversal
Yahoo! - Information Disclosure
Yahoo! - Bypass of anti-SSRF defenses in YahooCacheSystem (affecting at least YQL and Pipes)
Yahoo! - XSS using yql and developers console proxy
Yahoo! $1,960 Store XSS Flicker main page
Yahoo! - Java Applet Execution On Y! Messenger
Yahoo! $2,173.75 Cross-site scripting on the main page of flickr by tagging a user.
Yahoo! $677.50 XSS Yahoo Messenger Via Calendar.Yahoo.Com