Launchpad.net

CVE 2015-6817

PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.

See the CVE page on Mitre.org for more details.