Open Source Projects
- Author of Tinfoleak
- Co-author and reviewer of OWASP Testing Guide v2.0
- Contributor to ISSAF (Information System Security Assessment Framework) Project v0.2.1A
- Contributor to OSSTMM (Open Source Security Testing Methodology Manual) v2.1
Security-related articles
- “OWASP Top 10 2013: actualización de los riesgos más extendidos asociados a las aplicaciones web”.
SIC Magazine #106. September 2013
- “Android reverse engineering: an introductory guide to malware analysis”.
Hakin9 Vol. 2 No. 3. June 2013
- “Controles técnicos de seguridad para la protección de aplicaciones Web”.
SIC Magazine #94. April 2011
- “METPROSEG en RSI: construir la seguridad en el proceso de desarrollo desde unos cimientos sólidos”.
SIC Magazine #85. June 2009
- “Desarrollos (inseguros) de software: panorama actual”.
RedSeguridad Magazine. September 2007
- “MX Injection: Capturing and Exploiting Hidden Mail Servers”.
Web Application Security Consortium. December 2006
- “Análisis de redes wireless: Medidas de seguridad”.
ISECLab #6. September 2005
- “Análisis de redes wireless: Herramientas y técnicas de ataque”.
ISECLab #5. July 2005
- “(In)seguridad en las aplicaciones Web”.
SIC Magazine #65. June 2005
- “Control sobre dominios: gestión y recomendaciones”.
SIC Magazine #55. June 2003
Security Advisories
- Vicente Aguilera Diaz (vaguilera) is listed in Barracuda Networks Bug Bounty Hall of Fame.
- Vicente Aguilera Diaz is credited by Oracle for finding vulnerabilities related to Oracle Critical Patch Update in January 2007 and April 2007.
- “Reflected XSS vulnerability in Boxcryptor”.
February 2014
- “SQL Injection vulnerability in “Project’Or RIA” allow arbitrary access to the database and the file system”. CVE-2013-6164.
July 2013
- “Facebook HTML and Script code injection vulnerability”.
March 2013
- “CSRF vulnerability in LinkedIn”.
March 2013
- “XSS vulnerability in LinkedIn”.
March 2013
- “Facebook social network vulnerable to CSRF”.
August 2011
- “Facebook social network vulnerable to Open Redirect”.
July 2011
- “Reflected XSS in the login process of the Atmail WebMail < v6.1.9”.
September 2010
- “XSS in Oracle Portal Database Access Descriptor”.
August 2010
- “Gmail vulnerable to automated password cracking”.
July 2009
- “CSRF vulnerability in Gmail service”.
August 2007
- “Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS”. CVE-2007-0275.
January 2007
- “IMAP/SMTP Command Injection in Hastymail”. CVE-2006-5262. CVE-2006-5313.
September 2006
- “XSS vulnerability in error page of ISMail”. CVE-2006-6364.
September 2006
- “IMAP/SMTP Command Injection in SquirrelMail”. CVE-2006-0377.
January 2006
Other contributions
- Contributor to OWASP Top 10 2010 Spanish Translation
- Coordinator of WASC Threat Classification v1.0 Spanish Translation