Ebrahim Hegazy has found a serious vulnerability in Yahoo’s website that allows an attacker to remotely execute any commands on the server i.e. Remote Command Execution vulnerability. The vulnerability resides in a Chinese subdomin of Yahoo website. Yahoo has fixed the flaw within a day after he reported it to the security team and tip-off them of more threat. The flaw was an old one with a well known “Local Privilage Esclation” vulnerability, which means an attacker with such vulnerability can gain ROOT ACCESS to the server!!!!
Source: https://thehackernews.com/2014/01/yahoo-fixes-critical-remote-command.html