In-Reply-To: <[EMAIL PROTECTED]> You've got to be kidding me?
>The vendor hasn't been notified because of their >handling of previous vulnerabilties I found in Invision >Board I am extremely responsible with regards to security and in most cases I've had a fix ready and available within 30 minutes of receiving note of a vulnerability. I take a dim view of posting exact details of vulnerabilities before people have a chance to patch their board and I take a dim view of needlessly alarming people with almost trivial matters, such as this. If you find a vulnerability in a program and you post details of how to exploit it without notifying the vendor then that is very irresponsible indeed.
