Yes, Snort has been used recently to detect a new vulnerability in Ethereal related to an NT ACE parsing DoS exploit.
It has also been used to detect a 0-day vulnerability in Samba, a file and print serving system for networks, where the possibility of an integer overflow in an SMB daemon was found to lead to a possible exploit.
Snort is able to do this because of the ease of writing new rules and integrating them into its detection engine.
references to these !!!