Full account takeover via Add a New Email to account without email verified and without password confirmation.
Unknown
Vulnerability Details
# Description
This is especially important if the application is commonly used on shared computers, such as in cyber cafes or at airport terminals.
## Bug
A new email address can be added to an account without that email being verified and without the account password being confirmed. If a user leaves a logged-in session open, anyone with access to it can add an address they control and take over the account in less than a minute through the password-reset flow.
## PoC
http://goo.gl/tsqR60
# Suggestion for fixing the bug
Require the account password to be confirmed before a new email address is added.
## Example
http://goo.gl/y3mK0C
Regards,
Ahmed El-Mahalawy
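As an added example (not the reporter's PoC and not the affected application's code), the hardened add-email flow the suggestion describes: adding an address requires re-entering the password, the address stays pending until its verification token is used, and password-reset mail goes only to verified addresses. The function names, the PBKDF2 hashing and the sample values are assumptions.

```python
"""Hardened add-email flow (added example; data model and names are assumed)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    password_hash: bytes
    salt: bytes
    verified_emails: set = field(default_factory=set)
    pending_emails: dict = field(default_factory=dict)  # email -> verification token


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def new_account(password: str, primary_email: str) -> Account:
    salt = secrets.token_bytes(16)
    return Account(hash_password(password, salt), salt, {primary_email})


def add_email(acct: Account, new_email: str, confirm_password: str):
    """Refuse unless the caller re-enters the password (the missing check in the
    report), then park the address as pending until it is verified."""
    if not hmac.compare_digest(hash_password(confirm_password, acct.salt), acct.password_hash):
        return None
    token = secrets.token_urlsafe(32)
    acct.pending_emails[new_email] = token
    return token  # in production this is mailed to new_email, never shown to the session


def verify_email(acct: Account, new_email: str, token: str) -> bool:
    """Promote a pending address only when the mailed token is presented."""
    expected = acct.pending_emails.get(new_email)
    if expected is None or not hmac.compare_digest(expected, token):
        return False
    del acct.pending_emails[new_email]
    acct.verified_emails.add(new_email)
    return True


def can_reset_via(acct: Account, email: str) -> bool:
    """Password-reset mail is sent only to verified addresses, so an address
    added from an unattended session cannot be used for takeover."""
    return email in acct.verified_emails
```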
Report Stats
- Report ID: 45084
- State: Closed
- Substate: informative
- Upvotes: 2