Slackware 8.0 and before have a hole in locate that allows a user who has gained access to nobody to advance to root if root runs locate. Getting user nobody is often easy since apache is run as user nobody and a users web scripts there for run as nobody. A proper install would have a users scripts run as their uid.
Slackware Locate Vulnerability

Slackware 8.0 and before have man nonsuid and nonsgid so the directory the man pages are copied to are world writeable. Guessing the man page someone will request can lead to a compromise of their account. The sample exploit included only works against root and requires root to man man(meant to be as useless as possible while still proving the risk).
Slackware Man Vulnerability

Linux 2.4.3 - 2.4.6 has a default umask of 000. Any files created by init have the permision 666. Slackware 8.0 and earlier do not set a umask in the init scripts. This can affect other linux distros if they do not set a umask in the init scripts.
Linux Init Default Umask Vulnerability

My first advisory I worked on with guy a named wilson. We got our hands on a piece of software called mantrap. When trying to escape the chroot we crashed the box and it would no longer boot. You have to be careful when changing inodes by hand. It was reinstalled but the network card no longer worked so we never got the chance to break the chroot. We did release our findings up to that point in this advisory:
Mantrap advisory

This advisory on thttpd setup in brickhouse was discovered when I was trying to break the chroot on happyhacker.org. Using %2e and %2f you can get directory listings and traverse the directorys, this was a known problem, but you could not get out of the web root. In my attempts to get out of the webroot I used a big url and the server crashed. Then me and banned-it went through the source trying to find a way to exploit this(some other people looked at the source as well such as lamagra, thanks). We never found a way to exploit it and released an advisory on the DoS.
thttpd + brickhouse advisory