Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user.
https://exchange.xforce.ibmcloud.com/vulnerabilities/15193
http://www.securityfocus.com/bid/9647
http://sourceforge.net/forum/forum.php?forum_id=351705