Two highly critical vulnerabilities in Oracle's E-Business Suite could put firms who haven't patched the flaws at risk of their systems getting hacked for illicit payments and other financial fraud.