Those files are archived public mailing list messages, so it seems like the intended behavior that they are publicly available.

On Tue, Feb 28, 2023, 11:50 AM Manpreet Singh <> wrote:
Hello Team , I have founded vulnerability in your domain .
Vulnerability :- Sensitive Information Disclosure
Qualitative Severity Information :- HIGH
Vulnerability Descriptions :- Directory Traversal To Python Mail servers By FTP.
Steps To Reproduce :-
2. In this you will see many directories that are disclosing .
3. Open Mail Directory you will find many mails , this is the URL :-
4. Click on any mail , it will automatically download the mail in gunzip format.
5. For Kali Users , type this command :- gunzip filename
6. After gunzip type this command in kali konsole :- leafpad filename , you will now see your python company mails that are hosted on FTP Protocol .

Note :- If you can't understand how to do it , you can mail me i will then send POC video .
Remediation :- Prevent this information from being displayed to the user.

Thanking You,
Manpreet Singh
(Security Researcher)
docs mailing list --
To unsubscribe send an email to
Member address: