Just a short list:
- Courier x.xx: pgsql auth sql injection
- Ethereal 0.9.11, 0.9.12: buffer overflows
- ircd 2.10.3p3: buffer overflows
- dbmail 1.1: sql injections
- rsync 2.5.6: integer overflow (inside chroot)