xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp.
http://www.zataz.net/adviso/xmysqladmin-05292005.txt
http://securitytracker.com/id?1014172
http://secunia.com/advisories/15635