А вот за такое не люблю:
SRCDS will crash on some machines if you attempt to use an incorrect rcon password too many times. It seems that some machines are affected by this, while others are not. Valve has been notified a few times, and has been unwilling/unable to fix this.
If a command is received as the client is connecting, the server will crash or enter a state where it does not accept new connections, but has not crashed. This exploit can also happen if you remove the players entity, which shouldn't happen under normal circumstances. Valve has been notified, and is unwilling to fix this.
If cheats are enabled on a server, the point_servercommand entity can be created, which can be used by clients to execute rcon commands on the server. Premade scripts exist for this that will change the rcon password, and add the client as an admin. Valve has been notified, and is unwilling to fix this.
If you send an empty packet to the server, you can force it to send you the full state of the game, which will lag the server if done enough. Valve has been notified, and is unwilling to fix this.
If you use very large values for your mouse sensitivity, you can overwrite your X and Y coordinates, letting you teleport around. This has the potential to crash the server as well. Valve has been notified, and is unwilling to fix this.
The VSP interface built into the game can be used to load plugins on the game client, allowing them to change cheat-flagged cvars. This can allow them to have wallhacks, or alter weapon recharge rates. Valve has been notified, and is unwilling to fix this.
Это, замечу, баги не в древнем движке CS 1.6, а в свежем Сорсе, который используется в том числе в последнем Team Fortress 2. В старом же движке всё ещё более печально, известный баг с svc_bad не исправляется годами, народ уже на лицензионные сервера ставит кряк с мультипротоколом, поскольку в нём есть патч, исправляющий данную проблему. И никак иначе как уродами, Valve назвать нельзя...