Research

Open Source Projects

• Author of Tinfoleak 

• Co-author and reviewer of OWASP Testing Guide v2.0

• Contributor of ISSAF (Information System Security Assessment Framework) Project v0.2.1A

• Contributor of OSSTMM (Open Source Security Testing Methodology Manual) v2.1

Security-related articles

• “OWASP Top 10 2013: actualización de los riesgos más extendidos asociados a las aplicaciones web“.
  SIC Magazine #106. September 2013

• “Android reverse engineering: and introductory guide to malware analysis“.
  Hakin9 Vol. 2 No. 3. June 2013

• “Controles técnicos de seguridad para la protección de aplicaciones Web“.
  SIC Magazine #94. April 2011

• “METPROSEG en RSI: construir la seguridad en el proceso de desarrollo desde unos cimientos sólidos“.
  SIC Magazine #85. June 2009

• “Desarrollos (inseguros) de software: panorama actual“.
  RedSeguridad Magazine. September 2007

• “MX Injection: Capturing and Exploiting Hidden Mail Servers“.
  Web Application Security Consortium. December 2006

• “Análisis de redes wireless: Medidas de seguridad“.
  ISECLab #6. September 2005

• “Análisis de redes wireless: Herramientas y técnicas de ataque“.
  ISECLab #5. July 2005

• “(In)seguridad en las aplicaciones Web“.
  SIC Magazine #65. June 2005

• “Control sobre dominios: gestión y recomendaciones“.
  SIC Magazine #55. June 2003

Security Advisories

• Vicente Aguilera Diaz (vaguilera) is listed in Barracuda Networks Bug Bounty Hall of Fame.

• Vicente Aguilera Diaz is credited by Oracle for finding vulnerabilities related to Oracle Critical Patch Update in January 2007 and April 2007.

• “URL Redirection to Untrusted Site (‘Open Redirect’) in Google generic TLD and ccTLD“.
  October 2015

• “Reflected XSS vulnerability in Boxcryptor“.
  February 2014

• “SQL Injection vulnerability in “Project’Or RIA” allow arbitrary access to the database and the file system“. CVE-2013-6164.
  July 2013

• “Multiple XSS vulnerabilities in “Project’Or RIA”. CVE-2013-6163.
  July 2013

• “Facebook HTML and Script code injection vulnerability“.
  March 2013

• “CSRF vulnerability in LinkedIn“.
  March 2013

• “XSS vulnerability in LinkedIn“.
  March 2013

• “Uninitialized variables allow to access the Motorito CMS administration panel“.
  March 2013

• “Multiple reflected XSS vulnerability in Atmail Webmail“. CVE-2013-6229.
  March 2013

• “XSS in the view attachment message process of the Atmail WebMail“. CVE-2013-2585.
  March 2013

• “Facebook social network vulnerable to CSRF“.
  August 2011

• “Facebook social network vulnerable to Open Redirect“.
  July 2011

• “Reflected XSS in the login process of the Atmail WebMail < v6.1.9“.
  September 2010

• “XSS in Oracle Portal Database Access Descriptor“.
  August 2010

• “Insecure direct object reference in TUENTI.COM allow to read any message user“.
  August 2010

• “Reflected XSS in the login process of the Atmail Webmail“. CVE-2010-4930.
  August 2010

• “Gmail vulnerable to automated password cracking“.
  July 2009

• “CSRF vulnerability in Gmail service“.
  August 2007

• “Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS“. CVE-2007-0275.
  January 2007

• “IMAP/SMTP Command Injection in Hastymail“. CVE-2006-5262. CVE-2006-5313.
  September 2006

• “XSS vulnerability in error page of ISMail“. CVE-2006-6364.
  September 2006

• “IMAP/SMTP Command Injection in SquirrelMail“. CVE-2006-0377.
  January 2006

Other contributions

• Contributor of OWASP Top 10 2010 Spanish Translation

• Coordinator of WASC Threat Classification v1.0 Spanish Translation