Public ExpressionEngine bug reports.

Team Bounty Title
ExpressionEngine - Potential code injection in fun delete_directory
ExpressionEngine - Image lib - unescaped file path
ExpressionEngine - Open redirects protection bypass
ExpressionEngine - Type Juggling -> PHP Object Injection -> SQL Injection Chain
ExpressionEngine - Arbitrary SQL query execution and reflected XSS in the "SQL Query Form"
ExpressionEngine - Filename and directory enumeration
ExpressionEngine - Full path + some back-end code disclosure
ExpressionEngine - Stored Cross-Site Scripting Vulnerability in /admin.php?/cp/admin_system/general_configuration
ExpressionEngine - Cross Site Scripting (Stored)