Public Localize bug reports.

Team Bounty Title
Localize - files likes of README.md is public
Localize - PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
Localize - PHP PDOException and Full Path Disclosure
Localize - PHP PDOException and Full Path Disclosure
Localize - Bug on registration as new Translator user
Localize - full path disclosure from false language
Localize - missing sender policy framework (SPF)
Localize - XSS in Team Only Area
Localize - Full Path Disclosure (FPD) in www.localize.im
Localize - Full Path Disclosure (FPD) in www.localize.im
Localize - Atttacker can send "Invitation Request" to a Project that is not even created yet!
Localize - Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)
Localize - Projects Watch or Notifications Settings Change Via CSRF
Localize - No Wildcard DNS
Localize - Private Project Access Request Invitation Sent Via CSRF
Localize - Private Project Access Request Accpeted Via CSRF
Localize - Group Deletion Via CSRF
Localize - Group Creation Via CSRF
Localize - OPTIONS Method Enabled
Localize - Deleting groups in any project without permission
Localize - Making groups in any project without permission
Localize - infinite number of new project creation!
Localize - Full Path Disclosure / Info Disclosure in Importing XML Section!
Localize - Full Path Disclosure / Info Disclosure in Creating New Group
Localize - Full Path Disclosure (FPD) in www.localize.io
Localize - Numerous open ports/services
Localize - X-Content-Type-Options header missing
Localize - Apache Documentation
Localize - Possible sensitive files
Localize - Login page password-guessing attack
Localize - Full Path Disclosure (2)
Localize - XSS in password
Localize - Full Path Disclosure
Localize - Sensitive file
Localize - CSRF in adding phrase.
Localize - Password type input with auto-complete enabled
Localize - User credentials are sent in clear text
Localize - A Serious Bug on SIGNUP Process!
Localize - Information Disclosure (Directory Structure)
Localize - Apache2 /icons/ folder accessible
Localize - Assigning a non-existing role to user causes exception when opening project page
Localize - No Cross-Site Request Forgery protection at multiple locations
Localize - Uninitialized variable error message leaks information
Localize - Server header - information disclosure
Localize - Business logic Failure - Browser cache management and logout vulnerability.
Localize - Path Disclosure (Info Disclosure) in http://www.localize.io
Localize - HTML/Javascript possible in "Discussion" section of reviews
Localize - Full path disclosure
Localize - XSS in Localize.io
Localize - Unexpected array leaks information about the system
Localize - XSS in invite approval
Localize - XSS in main page (invitation)
Localize - Password Policy
Localize - XSS in main page
Localize - XSS & HTML injection
Localize - Stored XSS
Localize - Change user settings through CSRF
Localize - No BruteForce Protection
Localize - XSS in Groups
Localize - Sign-up Form CSRF
Localize - HTML Form Without CSRF protection
Localize - ClickJacking