Hey guys (and girls)!
Yeah i can hardly belive I did that but I found 2 serious vulnerabilities in a popular message board.

The first one allows D.O.S Against the forum, Other allows stealing user accounts.

I dont wanna give too much details and I really need a week or two to study the issue, but I want to know - what is the best way to publish these vulnerabilities?

What should I say to company who make this message board, how much time should I wait until I publish my information outside and which way is the best way to do that?

p.s. I didnt see "general security" forum so i made the thread here.