CVE-2006-4089

EPSS 24.80% · P96 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-4089

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

AlsaPlayer多个缓冲区溢出漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Andy Lo-A-Foe AlsaPlayer 0.99.76及早期版本存在多个缓冲区溢出漏洞，远程攻击者可借助以下向量触发拒绝服务攻击(应用程序崩溃)，也可能存在未知影响：(1) 网络服务器发送的一个超长Location字段，会在reader/http/http.c程序的reconnect函数中引发溢出错误；(2) 在AlsaPlayer寻找播放列表的媒体文件时，一个网络服务器发送的超长URL，会在interface/gtk/PlaylistWindow.cpp程序的new_list_item函数和C

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2006-4089

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2006-4089

请登录查看更多情报信息。

http://aluigi.altervista.org/adv/alsapbof-adv.txtx_refsource_MISC
http://securityreason.com/securityalert/1356third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/21422third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/27884vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/19450vdb-entryx_refsource_BID
http://www.osvdb.org/27883vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/22018third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/21639third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/27885vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/21749third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3235vdb-entryx_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200608-24.xmlvendor-advisoryx_refsource_GENTOO
http://www.novell.com/linux/security/advisories/2006_21_sr.htmlvendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/28306vdb-entryx_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/28308vdb-entryx_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/28307vdb-entryx_refsource_XF
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.htmlmailing-listx_refsource_FULLDISC
http://www.securityfocus.com/archive/1/442725/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2006-4089

Same Patch Batch · n/a · 2006-08-11 · 25 CVEs total

CVE-2006-4090		Webligo BlogHoster 'PreviewComment.PHP'跨站脚本攻击漏洞
CVE-2006-4080		DeluxeBB 包含密码MD5哈希的cookie 跨站脚本攻击(XSS)和信息泄露漏洞
CVE-2006-4079		DeluxeBB 'Newpost.PHP'跨站脚本攻击漏洞
CVE-2006-4078		DeluxeBB 'PM.PHP'未授权访问漏洞
CVE-2006-4077		Comet WebFileManager' CheckUpload.php'远程文件包含漏洞
CVE-2006-4076		Wim Fleischhauer docpile 多个PHP远程文件包含漏洞
CVE-2006-4075		Wim Fleischhauer docpile 多个PHP远程文件包含漏洞
CVE-2006-4074		Joomla软件的JD-组件 'Main.PHP'远程文件包含漏洞
CVE-2006-4073		Fabian Hainz phpCC 多个PHP远程文件包含漏洞
CVE-2006-4072		CLUB Nuke多个SQL注入漏洞
CVE-2006-4092		Simpliciti Locked Browser浏览器JavaScript window.blur循环安全权限漏洞
CVE-2006-4091		Archangel Management Archangel Weblog 多个跨站脚本攻击(XSS)漏洞
CVE-2006-3813		Perl SuidPerl PERL调试消息任意代码执行漏洞
CVE-2006-4088		CivicSpace 多个跨站脚本攻击(XSS)漏洞
CVE-2006-4087		mojoscripts.com mojoGallery 'admin.cgi'跨站脚本攻击(XSS)漏洞
CVE-2006-4086		Elaine Aquino Online Zone Journals 'index.php'跨站脚本攻击(XSS)漏洞
CVE-2006-4085		Olaf Noehring的Search Engine Project 'pagenavigation.php' PHP远程文件包含漏洞
CVE-2006-4084		phpAutoMembersArea 不明安全攻击漏洞
CVE-2006-4083		myWebland myEvent 'viewevent.php'PHP远程文件包含漏洞
CVE-2006-4082		Barracuda Networks垃圾邮件防火墙编码密码安全特权提升漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2006-4089

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2006-4089

I. Basic Information for CVE-2006-4089

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2006-4089

III. Intelligence Information for CVE-2006-4089

Same Patch Batch · n/a · 2006-08-11 · 25 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2006-4089

Leave a comment