kkFileView
kkFileView copied to clipboard
kekingcn
Universal File Online Preview Project based on Spring-Boot
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'officeFilePreviewImpl' defined in URL [jar:file:/D:/applicationSoft/kkFileView/kkFileView-4.0.0/bin/kkFileView-4.0.0.jar!/BOOT-INF/classes!/cn/keking/service/impl/OfficeFilePreviewImpl.class]: Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'officeToPdfService' defined in...
### What happened? There are 1 security vulnerabilities found in org.json:json 20090211 - [MPS-2022-13520](https://www.oscs1024.com/hd/MPS-2022-13520) ### What did I do? Upgrade org.json:json from 20090211 to 20180130 for vulnerability fix ### What...
问题描述 kkFileview v4.1.0存在SSRF漏洞,攻击者可以利用此漏洞造成服务器端请求伪造(SSRF),远程攻击者可以通过将任意url注入url参数来强制应用程序发出任意请求。 Description kkFileview v4.1.0 has an SSRF vulnerability, This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF),allows remote attackers to force the application...
Upgrade json from 20090211 to 20180130 for vulnerability fix: - [MPS-2022-13520](https://www.oscs1024.com/hd/MPS-2022-13520)
报错提示已经有进程在运行 ps -ef | grep libre根本看不到该进程
**问题描述Description** kkFileview v4.1.0存在另一处XSS漏洞,可能导致网站cookies泄露。 kkFileview v4.1.0 has another XSS vulnerability, which may lead to the leakage of website cookies. **漏洞位置vulerable code location** kkFileView/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java文件61行,errorMsg参数用户可控,传输到错误提示处理函数中处理后用于前端错误提示,整个流程未对errorMsg参数进行过滤处理 The vulnerability code is located at line 61...
下载ftp服务器上的文件时,会对url进行utf-8编码,而windows server 2016自带的ftp服务器是不识别这种编码后的url的(其他环境未测试)。 有使用中文名称文件需求的在FileHandlerService.java里注释掉 url = WebUtils.encodeUrlFileName(url);这行可以临时解决。
访问ftp服务器文件(kkFileView和ftp服务器均使用windows部署),如果文件名称带中文就打不开,英文名称的文件可以正常打开。 
任意文件上传:可以通过上传后门,导致服务器失陷  
