Ruby 1.8.6 (WEBrick Httpd 1.3.1) is vulnerable to a directory traversal flaw. The Ruby on Rails web server, WEBrick Httpd 1.3.1, is vulnerable to directory traversal on systems that accept the backslash as a path separator and on case-insensitive systems. Patches for the 1.8 and 1.9 code branches are available.
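The two conditions named above (backslash accepted as a separator, case-insensitive name matching) are the ones a static file handler has to account for before it touches the filesystem. The following Ruby sketch is an added example, not WEBrick's code or its patch; `safe_resolve`, `DENIED_NAMES` and the `/srv/www` root are hypothetical names chosen for illustration.

```ruby
# Hypothetical deny-list of file names the server must never serve (constructed).
DENIED_NAMES = [".htaccess", "secret.txt"].freeze

# Resolve an already URL-decoded request path under +root+.
# Returns the absolute path to serve, or nil if the request must be refused.
def safe_resolve(root, request_path)
  # Treat backslash as a separator up front: Windows will, even when the
  # server's own path logic only splits on "/".
  normalized = request_path.tr("\\", "/")
  return nil if normalized.include?("\0")

  segments = normalized.split("/").reject { |s| s.empty? || s == "." }

  # Refuse parent-directory segments outright instead of collapsing them.
  return nil if segments.include?("..")

  # Match deny-listed names the way a case-insensitive filesystem opens
  # files: "SECRET.TXT" and "secret.txt" are the same file there.
  return nil if segments.any? { |s| DENIED_NAMES.include?(s.downcase) }

  root_abs  = File.expand_path(root)
  candidate = File.expand_path(File.join(root_abs, *segments))

  # Final containment check on the fully resolved path.
  inside = candidate == root_abs ||
           candidate.start_with?(root_abs + File::SEPARATOR)
  inside ? candidate : nil
end

if __FILE__ == $0
  # Constructed sample requests, not taken from the advisory.
  ["/index.html", "/docs/..\\..\\outside.txt", "/docs/SECRET.TXT"].each do |req|
    result = safe_resolve("/srv/www", req)
    puts "#{req.inspect} -> #{result ? result : 'refused'}"
  end
end
```
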
Multiple VMware products running on Windows platforms with Shared Folders are vulnerable to a directory traversal attack. If an attacker has access to a guest operating system, they can exploit the vulnerability to gain write access to the underlying host system. This obviously opens the door for a multitude of attacks.
Until a patch is released, users on Windows are advised to disable any Shared Folders that they may have configured.
The original advisory is at: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034