In terms of information security, a vulnerability is a weakness that can be leveraged to compromise the confidentiality, integrity, or availability of an information system. An exploit is software that has been specially crafted to take advantage of a vulnerability.
A false positive occurs when a vulnerability scan indicates a vulnerability and none exists. A false negative occurs when the scan does not detect a vulnerability and one actually exists. A false negative is more dangerous because a vulnerability has been overlooked.
An SQL injection is a type of vulnerability that occurs when a web application does not properly sanitize user input, allowing the potential manipulation of the underlying database.
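As an added illustration of that definition (example code written for this glossary, not from the original page), the lookup below is built twice: once by pasting unsanitized input into the SQL text, and once with the input bound as a parameter. The user table and the crafted input string are constructed sample data.

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny in-memory table, not from the original page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s1"), ("bob", "s2"), ("carol", "s3")],
    )
    return conn


def lookup_unsafe(conn, username):
    # Vulnerable form: user input becomes part of the SQL statement itself,
    # so input containing quotes can change what the database executes.
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_safe(conn, username):
    # Hardened form: the statement is fixed and the input is bound as a
    # parameter, so it is only ever compared as a value, never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


def demo():
    conn = make_db()
    normal = "alice"
    # Constructed input that closes the quoted string and appends a clause
    # that is always true; it shows how unsanitized input alters the query.
    crafted = "' OR '1'='1"
    return {
        "unsafe_normal": lookup_unsafe(conn, normal),    # ['alice']
        "unsafe_crafted": lookup_unsafe(conn, crafted),  # every row leaks
        "safe_normal": lookup_safe(conn, normal),        # ['alice']
        "safe_crafted": lookup_safe(conn, crafted),      # [] : no such user
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The parameterized version is the fix: the same crafted string that returns every row from the unsafe lookup returns nothing from the safe one.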
A buffer overflow is a type of vulnerability that occurs when a programming error allows user input to write to memory beyond the space allocated for it.
A race condition is a type of vulnerability that occurs when, through careful timing, a user can alter the intended sequence of events in a way that creates an exploitable state.
A file inclusion is a type of vulnerability that occurs when a web application allows the user to submit input into files or upload files to a server.