Two serious security vulnerabilities in Oracle's E-Business Suite could enable an attacker to run malicious code on an E-Business Suite server or view product configuration information.
A buffer overflow vulnerability in an E-Business Suite component called FNDWRR could let an attacker cause that program to crash.
FNDWRR is a common gateway interface program that lets customers view Oracle reports and log files through a web browser, according to an alert released by Integrity, the security research firm that discovered the vulnerabilities.
Attackers could use a web browser and specially crafted URLs to create a buffer overflow, crippling FNDWRR.
Oracle insisted that attacks against FNDWRR would not disable the E-Business Suite, but Integrity warned that the vulnerabilities could allow attackers to run malicious code.
Oracle also announced that a security hole was found in Java Server Pages (JSPs) associated with an E-Business Suite component called AOL/J Setup Test Suite.
The Setup Test Suite, part of E-Business Suite's Oracle Applications Self-Service Framework (OA Framework), is installed on all Oracle 11i web and forms servers and is used to verify the installation and configuration of the OA Framework, Integrity said.
The JSPs contain multiple security vulnerabilities that could enable an attacker to obtain configuration information which could be used to exploit E-Business Suite.
A patch removes the security hole and requires users to sign on before viewing configuration information stored in the JSPs, Oracle said.
The vulnerabilities were both rated "high risk". Oracle provided software patches to fix each problem and strongly urged its customers to review the security bulletins and apply the patches.
Earlier this week Oracle disclosed a third vulnerability that affects the Oracle Database product.
A buffer overflow in a Database component called EXTPROC could allow an attacker to run malicious code on an affected machine.
Attackers would need to have a valid database login with special privileges to be able to take advantage of the flaw, and attacks could not be launched remotely, Oracle said.
The exception was deployments in which the Oracle database was connected directly to the internet without protection from an intervening application server or firewall. However, best-practices guidelines strongly advised customers to avoid such high-risk deployments.
For those reasons, Oracle rated the vulnerability "low risk", saying it was most susceptible to exploitation by "insider attacks" originating on corporate intranets.
Oracle released a patch for the buffer overflow vulnerability and recommended that customers review the security alert before applying the patch.
In April, Oracle issued a patch for a critical buffer overflow vulnerability affecting all supported versions of Oracle database servers.
Meanwhile, Oracle is releasing the ninth update to its E-Business Suite 11i set of business applications, featuring 900 tweaks and features aimed at benefiting customers in a variety of industries.
The updates address capabilities requested by Oracle's customers, most notably in Oracle's financial applications, said Mike Rosser, Oracle's vice president of worldwide applications marketing.
The latest version of Oracle Financials includes more detailed revenue recognition controls, expanded expense audit management tools and reporting features, and extended multicurrency translation options.
A credit management application aids users in evaluating the creditworthiness of customers and prospects. Oracle has built into the software integration hooks with credit information sources such as Dun & Bradstreet's database.
New capabilities in the E-Business Suite 11i.9 have been tailored for companies in more than 20 industries, including defence, automotive, communication, packaged goods, financial services and life sciences.
The updates are available worldwide, via electronic download or CD-Rom, to new Oracle customers and existing customers with maintenance contracts.
Oracle is not working on any major overhauls of the E-Business Suite. It intends to stick with the 11i code base for the foreseeable future, updating it with new incremental releases every six to eight months.
Paul Roberts and Stacy Cowley write for IDG News Service